Re: [Hypercontent-users] Further discussion on HC logout
From: Alex V. <al...@bi...> - 2007-03-08 14:37:06
Hi,

I think the problem may be traced to org.hypercontent.server.commands.Login: on line 82 this class checks whether the current session is already authenticated before running authentication providers. You might try disabling this check to see if you get the desired behavior. A more sophisticated fix would, as you suggest, run the authentication providers and compare the results with the existing authenticated user.

Cheers,
Alex

On Mar 7, 2007, at 10:56 PM, tom tom wrote:

> Hi Alex,
>
> Some time back I asked you a question regarding HC logout and you cleared the doubts I had. I have attached the discussion we had at the bottom of the mail.
>
> (http://sourceforge.net/mailarchive/forum.php?thread_id=30987603&forum_id=38700)
>
> Well, I thought I got more suggestions into this. Similar to the HC link in uPortal, we have links for WebCT, Mail, Library etc., all SSO enabled, and all the links pop up in a new window with the application. None of these have the issue we had with HC, which is described at the bottom of this mail; that is, even though we don't close all the browser instances, if we log out of uPortal, log back in again as a different user and click the WebCT or Mail link, it will not pick the previous user but the new user.
>
> I understand that logging out of uPortal and CAS does NOT terminate the browser's session with HyperContent,
>
> but let me know whether the following makes any sense.
>
> The uPortal channel has a link to HC as follows:
>
> http://<HC server>/hypercontent?mode=login
>
> This guarantees (because mode=login) that HC will again contact CAS by calling serviceValidate; serviceValidate will give the CAS XML with uid and other attributes.
>
> Isn't it possible to cross check this uid with the session userId and, if different, call the session invalidate() method or throw out an error?
>
> Please let me know if I am on the wrong track. My objective is to get HC logout behaviour similar to WebCT and Mail so that everything looks consistent.
>
> Thanks
>
> -------------FROM A PREVIOUS MAIL--------------------------
>
> I observed the following behaviour (defect?) in HC while doing the following.
>
> HC is casified and working fine with CAS and uPortal. Users log in to uPortal via CAS and one of the uPortal channels has a link to HC. Look at the following use case.
>
> 1) User 'AUTHOR_HC' logs in to uPortal via CAS (authentication is successful)
>
> 2) Clicks the HC link to edit content
>
> 3) HC opens in a new window with 'You are logged in as AUTHOR_HC'
>
> 4) User edits contents and saves
>
> 5) Closes the HC browser window (without pressing the logout link in HC).
>
> 6) User presses uPortal logout, which in turn calls cas/logout
>
> 7) A different user logs in to uPortal via CAS as user 'APPOVER_HC'
>
> 8) Clicks the HC link in uPortal; HC opens in a new browser window ..............
>
> But it still shows the previous user's welcome message, which is 'You are logged in as AUTHOR_HC'
>
> Why doesn't HC clean out everything? Is this a limitation?
> Different users can use the same workstation in our case.
>
> Alex's answer
> -------------
>
> This is the expected behavior. Logging out of uPortal and CAS does NOT terminate the browser's session with HyperContent. The user must close all browser windows for the session cookies to be cleared. This should be clearly conveyed to the user. Single Sign Out, the ability for the user to log out of CAS and all applications that use CAS for login, is a planned feature for a future CAS release.
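The cross-check discussed in this thread (compare the uid returned by CAS serviceValidate with the user already bound to the session, and invalidate the session on a mismatch), as an added example; it is not HyperContent code and not written by either poster. The class name, the session attribute name and the sample response are assumptions; it uses the standard Servlet API (`javax.servlet`, needed on the classpath) and the CAS 2.0 `serviceResponse` format.

```java
import java.io.StringReader;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Hypothetical helper for illustration; not part of HyperContent. */
public final class CasSessionReconciler {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";
    static final String USER_ATTR = "example.authenticatedUser"; // assumed attribute name
    // Constructed sample of a successful CAS 2.0 serviceValidate response.
    static final String SAMPLE = "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'><cas:authenticationSuccess>"
        + "<cas:user>APPOVER_HC</cas:user></cas:authenticationSuccess></cas:serviceResponse>";

    /** Returns the uid from a successful serviceValidate response, or null on failure. */
    static String casUser(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPEs so a hostile response cannot trigger entity expansion (XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        NodeList ok = d.getElementsByTagNameNS(CAS_NS, "authenticationSuccess");
        NodeList user = d.getElementsByTagNameNS(CAS_NS, "user");
        if (ok.getLength() != 1 || user.getLength() != 1) return null;
        String uid = user.item(0).getTextContent().trim();
        return uid.isEmpty() ? null : uid;
    }

    /** Binds the session to the CAS-validated uid, discarding a session owned by another user. */
    static HttpSession reconcile(HttpServletRequest req, String casResponseXml) throws Exception {
        String validated = casUser(casResponseXml);
        HttpSession s = req.getSession(false);
        if (validated == null) {            // design choice here: a failed login keeps no session
            if (s != null) s.invalidate();
            return null;
        }
        Object current = (s == null) ? null : s.getAttribute(USER_ATTR);
        if (s != null && current != null && !validated.equals(current)) {
            s.invalidate();                 // previous user's state must not carry over
            s = null;
        }
        if (s == null) s = req.getSession(true); // fresh session id for the new user
        s.setAttribute(USER_ATTR, validated);
        return s;
    }

    public static void main(String[] a) throws Exception { System.out.println(casUser(SAMPLE)); }
}
```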