No single-sign-out notifications issued on re log-in

rubycas / rubycas-server

Provides single sign-on authentication for web applications, implementing the server-end of Jasig's CAS protocol.

http://rubycas.github.com

Other

628 stars 270 forks source link

Open vemv opened 11 years ago

vemv commented 11 years ago

When one presented with the screen:

You are currently logged in as 'foo'. If this is not you, please log in below.

And one proceeds to log in (instead of visiting /logout first), no single single-sign-out notifications seem to be issued.

vemv commented 11 years ago

Note that this represents a severe issue - the newly-logged-in user may now have access to applications he doesn't have authentication rights for.