We are using CAS proxy to connect Roundcube webmail client to our IMAP server. For this we have a no longer developed phpCAS plugin.
If we set CAS to a sliding session window, Roundcube's repeated requests for proxy tickets will keep the CAS session active indefinitely until the browser is closed.
When setting CAS to a hard timeout (say 8h), Roundcube opts to use an expired PT, which in turn results in the IMAP proxy (Dovecot) using it as a password in LDAP, which eventually locks the user's account.
We can modify the plugin to listen for a failed PT request and end the client session. But before we do that, I would like to know what others have done.
How do you manage webmail client sessions (or do you)?
Do you have a webmail system that handles this gracefully?
This behaviour is not limited to webmail so any other perspectives are welcome.
Thanks
Ray
P.S. Roundcube makes a request to check incoming mail every few minutes. Each request gets a new proxy ticket. With a sliding window, CAS extends its session each time.
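
The plugin change mentioned in the post (end the client session when a PT request fails, rather than sending a stale ticket to IMAP), sketched as an added example that is not part of the original message or of the phpCAS plugin. All function names, the service URL and the stubbed CAS/IMAP sides are assumptions made for illustration.

```php
<?php
// Added example. Every name below is hypothetical; the CAS and IMAP sides are stubs.

final class ProxyTicketUnavailable extends RuntimeException {}

/**
 * Get a fresh proxy ticket for one IMAP login, or end the webmail session.
 *
 * @param callable $fetchTicket fn(string $service): string|false, e.g. a
 *                              wrapper around phpCAS::retrievePT()
 * @param callable $endSession  fn(string $reason): void, destroys the client session
 */
function fresh_ticket_or_logout(string $service, callable $fetchTicket, callable $endSession): string
{
    $pt = $fetchTicket($service);
    if (!is_string($pt) || $pt === '') {
        // Fail closed: no ticket means no IMAP login attempt, so nothing
        // reaches Dovecot/LDAP as a bad password.
        $endSession('CAS did not issue a proxy ticket');
        throw new ProxyTicketUnavailable('IMAP login skipped');
    }
    return $pt;
}

// --- constructed demo: CAS session valid for two mail checks, then hard timeout ---
$casCallsLeft = 2;
$fetch = function (string $service) use (&$casCallsLeft) {
    return $casCallsLeft-- > 0 ? 'PT-constructed-' . bin2hex(random_bytes(4)) : false;
};
$sessionAlive = true;
$end = function (string $reason) use (&$sessionAlive): void { $sessionAlive = false; };
$imapAttempts = 0;

for ($check = 1; $check <= 4 && $sessionAlive; $check++) {
    try {
        $password = fresh_ticket_or_logout('imap://mail.example.org', $fetch, $end);
        $imapAttempts++;   // the real plugin would pass $password to the IMAP login here
        echo "check $check: logged in with a fresh ticket\n";
    } catch (ProxyTicketUnavailable $e) {
        echo "check $check: session ended, {$e->getMessage()}\n";
    }
}
echo "IMAP login attempts: $imapAttempts\n";
```

The point of the pattern is that a ticket is never stored between mail checks, so the only value that can reach the IMAP login is one CAS issued for that request.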