remember me use

vallee.romain

unread,

Aug 27, 2018, 5:51:12 AM8/27/18

to CAS Community

Hello,

We have migrate from 4.2 to 5.2.

Our need is simple, but we can't implement it .

We put the option "remember me", with a delay of 6 months ( about).

But even following the documentation, it is impossible to have a session maintained for more than a few hours by checking the "remember me" box.

i try so many configuration... my last configuration is :

cas.tgc.rememberMeMaxAge=1209600
cas.ticket.tgt.timeToKillInSeconds=172800
cas.ticket.tgt.maxTimeToLiveInSeconds=1350000
cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=1350000
cas.ticket.tgt.rememberMe.enabled=true
cas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000

did anyone manage to make it happen:

when you check "remember me" to have a session maintained for XX months

when you do not check "remember me" with the session that closes at the end of the browser with a maximum time of XX hours.

I'd be very interested!

Best regards

Ray Bon

unread,

Aug 27, 2018, 12:53:06 PM8/27/18

to cas-...@apereo.org

Vallee,

When you say session, are you talking about the CAS session or the client session?

Is it possible to have a cookie that expires when the browser closes and lives for a set time?

You can use this to have the cookie expire when the browser closes:

cas.tgc.maxAge=-1

I have this note in my config (not sure if it applies to 5.2) but our config is set to expire TGC when browser closes:

# default is P14D

# used to set maxAge on user selection of remember me at login

# it is always set regardless of user choice; this is a bug to investigate

# file: https://github.com/apereo/cas/blob/5.1.x/support/cas-server-support-cookie/src/main/java/org/apereo/cas/web/support/CookieRetrievingCookieGenerator.java

cas.tgc.rememberMeMaxAge=-1

I do not have these in my config:

cas.ticket.tgt.timeToKillInSeconds

cas.ticket.tgt.maxTimeToLiveInSeconds

Ray

-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

vallee.romain

unread,

Aug 28, 2018, 5:44:40 AM8/28/18

to CAS Community

Thank Rbon.

now, if i want this :

if users check "rememberme", they don't need to get autentication while 1 month .

do you know how ?

if "TGT" expires, will "TGC" expire?

what differences between:

cas.ticket.tgt.rememberMe

and

cas.ticket.tgc.rememberMe

I don't find anywhere documentation about this process .

Thank you very much

Ray Bon

unread,

Aug 28, 2018, 1:15:22 PM8/28/18

to cas-...@apereo.org

The TGC settings deal with the CAS session when the browser is redirected to log in a service and can be set to live beyond browser closing. The TGT is the session on the CAS server; it is used for log in (obviously) but also back channel communication such as proxying.

I do not know what use having cas.tgc.rememberMeMaxAge expire after a cas.ticket.tgt.rememberMe.timeToKillInSeconds. I have not tested this but I suspect the log in screen would be displayed and a new cookie would be issued.

cas.ticket.tgt.rememberMe.timeToKillInSeconds can be used with other tgt setting to create sliding windows of [log in] activity, etc.

https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#tgt-expiration-policy

Ray

vallee.romain

unread,

Aug 29, 2018, 4:49:40 AM8/29/18

to CAS Community

thank you Mister Rbon .

i will continu to looking for !

Reply all

Reply to author

Forward