Wait till the ticket get timeout but the cleaner have not delete it
GO to Webapp B, ofcourse you can't login cause the ticket is expire, but CAS server delete the ticket right away without send logout request to Webapp A
The result is Webapp A still logged in and will never be logged out
Cause: CentralAuthenticationServiceImpl.java, line 195: this.ticketRegistry.deleteTicket(ticketGrantingTicketId);
Change to this to fix the problem: this.destroyTicketGrantingTicket(ticketGrantingTicketId);
Set TGT Timeout to 30 second
Set ticketCleaner interval to 3 minute
Login Webapp A
Wait till the ticket get timeout but the cleaner have not delete it
GO to Webapp B, ofcourse you can't login cause the ticket is expire, but CAS server delete the ticket right away without send logout request to Webapp A
The result is Webapp A still logged in and will never be logged out
Cause: CentralAuthenticationServiceImpl.java, line 195:
this.ticketRegistry.deleteTicket(ticketGrantingTicketId);
Change to this to fix the problem:
this.destroyTicketGrantingTicket(ticketGrantingTicketId);