-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Logout action #48
Comments
👍 |
I've implemented this functionality in https://github.com/ikogan/mod_auth_cas/tree/v1.1. It isn't very well tested yet though. I have a PR open here dhawes#5 which we'll hopefully get merged all the way down to here at some point. There's some RPMs available as well: https://github.com/ikogan/mod_auth_cas/releases/tag/v1.1.1. |
It would be beneficial to get a logout endpoint that just destroy's the server's session, as javascript can't see the MOD_AUTH_CAS_S cookie when HttpOnly is set, and when the apache tries to delete the cookie with Set-Cookie, |
This is an overly simplistic implementation that expires the cookie and redirects: https://github.com/dhawes/mod_auth_cas/tree/cas-logout-tests
Is this the basic functionality that people want?
|
Yes, that is the basic functionality. I ended up getting it working with server side code using set-cookie to delete the user's cookie in the browser. Though killing the session in mod_auth_cas ensures it can't be resumed though cookies leaking out of the browser somehow. |
Implement a logout handler which deletes the local CAS session and redirects to the global CAS logout page.
The text was updated successfully, but these errors were encountered: