...
By default, the CAS Ticket Granting Cookie (browser-side representation of the Ticket Granting Ticket which allows the browser to participate in CAS SSO session) is configured to expire when the user closes the browser (ends the browser session).
Code Block | |||||||
---|---|---|---|---|---|---|---|
| |||||||
/** * Creates, sends (to the given ServletResponse), and returns a * TicketGrantingTicket for the given username. */ private TicketGrantingTicket sendTgc(String username, HttpServletRequest request, HttpServletResponse response) throws ServletException { try { TicketGrantingTicket t = new TicketGrantingTicket(username); String token = tgcCache.addTicket(t); Cookie tgc = new Cookie(TGC_ID, token); tgc.setSecure(true); tgc.setMaxAge(-1); tgc.setPath(request.getContextPath()); response.addCookie(tgc); return t; } catch (TicketException ex) { throw new ServletException(ex.toString()); } } |
...
Setting the cookie instead to have a maximum age of some particular number of seconds produces a cookie that browsers are requested to persist across sessions until the number of seconds have elapsed.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
tgc.setMaxAge(302400); |