[Hypercontent-users] Further discussion on HC logout
Brought to you by:
alexvigdor
Menu
▾
▴
[Hypercontent-users] Further discussion on HC logout
|
From: tom t. <j_l...@ya...> - 2007-03-08 03:57:06
|
Hi Alex, Sometime back I asked you a question regarding HC logout and you cleared the doubts I had, I have attached the disucussion we had bottom of the mail, (http://sourceforge.net/mailarchive/forum.php?thread_id=30987603&forum_id=38700) Well I thought I got more suggestions into this, Similar to the HC Link in the uPortal, we got links for WebCT and Mail and Library etc all SSO enabled and also all the links pops up in a new window with the application. None of these got the issue we had with HC which describes in the bottom of this mail, that is eventhough we dont close all the browser instances, if we logout uPortal login back again as a different user and click WebCT or Mail link it will not pick the previous user but the new user. I understand that Logging out of uPortal and CAS does NOT terminate the browser's session with HyperContent, but let me know whether following makes any sense uPortal channel got a link to HC as follows http://<HC server>/hypercontent?mode=login this guarantees(because mode=login) that HC will again contact CAS by calling serviceValidate, the serviceValidate will give the CAS XML with uid and other attributes. Isnt it possible to cross check the this uid with the session userId and if different call the session invalidate() method or throw out a error, Please let me know if am in the wrong track, What my objective is to get HC logout behaviour similar to the WebCT and mail so that everything look consistent. Thanks -------------FROM A PREVIOUS MAIL-------------------------- I observed the following behaviour (defect ?) in HC while doing the following. HC is casified and working fine with CAS and uPortal. Users login to uPortal via CAS and one of uPortal channel got a link to HC. Look at the following use case. 1) user 'AUTHOR_HC' login to uPortal via CAS.(authentication is successful) 2)clicks HC link to edit content 3)HC opens in a new window with 'You are logged in as AUTHOR_HC' 4) user edits contents and saves 5) closes the HC browser window (wihout pressing logout link in HC). 6) user presses uPortal logout which in turn call the cas/logout 7) Different user login to uPortal via CAS as user 'APPOVER_HC' 8) click the HC link in uPortal, HC opens in a new browser Window .............. But still it shows the previous users welcome message which is 'You are logged in as AUTHOR_HC' Why doesnt the HC cleans out everything. Is this a limitation? Different users can use the same workstation in our case. Alex's answer ------------- This is the expected behavior. Logging out of uPortal and CAS does NOT terminate the browser's session with HyperContent. The user must close all browser windows for the session cookies to be cleared. This should be clearly conveyed to the user. Single Sign Out, the ability for the user to log out of CAS and all applications that use CAS for login, is a planned feature for a future CAS release. ____________________________________________________________________________________ It's here! Your new message! Get new email alerts with the free Yahoo! Toolbar. http://tools.search.yahoo.com/toolbar/features/mail/ |
