A flexible security framework for Rack (and Rails) apps. Good for integration with legacy systems, CAS SSO (including proxying), machine and interactive authentication, and much more.
SessionTimer's current implementation interferes with CAS SSO when there's a timeout. Example scenario:

Applications A and B are protected by the same CAS server, application session timeouts are n, CAS session timeout is 3n.

1. User logs into A
2. User follows a link to B
3. User actively uses B for n + 1 minutes
4. User follows a link back to A

Expected behavior: the user can use A without logging back in.

Actual behavior: on detection of the user's timed-out session in A, the user is redirected to /logout. This kills both the application and CAS session, requiring the user to log back in. It also leaves the user on the CAS logout page, rather than the page she was trying to reach.
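The scenario above, replayed as an added model (not SessionTimer or Aker code): two apps share one CAS server, time is counted in abstract minutes, and the app-timeout handler is either the current "redirect to /logout" behaviour or the expected "expire only the local session and re-authenticate through CAS" behaviour. Class and symbol names are invented for the illustration.

```ruby
# Constructed model of the CAS SSO timeout scenario; not project code.
class CasServer
  def initialize(timeout)
    @timeout = timeout
    @login_at = nil             # start of the ticket-granting session, nil = none
  end

  def login(now);      @login_at = now; end
  def logout;          @login_at = nil; end   # what /logout does to CAS
  def sso_valid?(now); !@login_at.nil? && now - @login_at < @timeout; end
end

class App
  # on_timeout: :global_logout (current SessionTimer) or :local_expiry (expected)
  def initialize(name, cas, timeout, on_timeout)
    @name, @cas, @timeout, @on_timeout = name, cas, timeout, on_timeout
    @last_seen = nil            # nil = no application session
  end

  # Handles one request at minute `now`; returns what the user experiences.
  def request(now)
    if @last_seen && now - @last_seen >= @timeout   # application session timed out
      @last_seen = nil
      if @on_timeout == :global_logout
        @cas.logout                               # kills the CAS session as well
        return :stranded_on_cas_logout_page
      end
    end
    if @last_seen                                 # live session: just serve the page
      @last_seen = now
      return :served
    end
    # No application session: send the user to CAS. If the CAS session is still
    # alive the user comes straight back with a ticket and never sees a login form.
    outcome = @cas.sso_valid?(now) ? :served_after_silent_sso : :served_after_credentials
    @cas.login(now) unless @cas.sso_valid?(now)
    @last_seen = now
    outcome
  end
end

# Replays the four steps of the scenario; returns [app, minute, outcome] per request.
def run_scenario(n, on_timeout)
  cas = CasServer.new(3 * n)
  a, b = App.new('A', cas, n, on_timeout), App.new('B', cas, n, on_timeout)
  log = [[:A, 0, a.request(0)], [:B, 0, b.request(0)]]     # log into A, follow link to B
  (1..n + 1).each { |t| log << [:B, t, b.request(t)] }      # use B for n + 1 minutes
  log << [:A, n + 1, a.request(n + 1)]                      # follow a link back to A
end
```

Running `run_scenario(10, :global_logout)` ends with A stranding the user on the CAS logout page, while `run_scenario(10, :local_expiry)` ends with A serving the page after a silent SSO round trip because the CAS session (timeout 3n) is still valid at minute n + 1.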