Versions Compared

Old Version 10

changes.mady.by.user ScottS

Saved on

compared with

New Version Current

changes.mady.by.user ScottS

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

By default, the CAS Ticket Granting Cookie (browser-side representation of the Ticket Granting Ticket which allows the browser to participate in CAS SSO session) is configured to expire when the user closes the browser (ends the browser session).

Code Block
java
java
titleLogin.java sendTgc methodjava
/**
   * Creates, sends (to the given ServletResponse), and returns a
   * TicketGrantingTicket for the given username.
   */
  private TicketGrantingTicket sendTgc(String username,
               HttpServletRequest request,
               HttpServletResponse response) throws ServletException {
    try {
      TicketGrantingTicket t = new TicketGrantingTicket(username);
      String token = tgcCache.addTicket(t);
      Cookie tgc = new Cookie(TGC_ID, token);
      tgc.setSecure(true);
      tgc.setMaxAge(-1);
      tgc.setPath(request.getContextPath());
      response.addCookie(tgc);
      return t;
    } catch (TicketException ex) {
      throw new ServletException(ex.toString());
    }
  }

...

Setting the cookie instead to have a maximum age of some particular number of seconds produces a cookie that browsers are requested to persist across sessions until the number of seconds have elapsed.

Code Block
java
java
1Setting the cookie to last a weekjava
tgc.setMaxAge(302400);