tomcat session cookie expiration
177 views
Skip to first unread message
Freedom K
Jan 2, 2023, 10:59:50 AM1/2/23
to CAS Community
Hi everyone.
What is the default expiration time for the JSESSION cookie of tomcat for cas?
I would like to increase it, as I thing it is small right now, but it is not working when I use the
server.connection-timeout or server.session.timeout configs.
The problem:
I notice that when I try to login to an app via CAS, with okta as authenticator, the JSESSION changes if I do not authenticate quickly, making the service to be lost (as is stored in the session) and redirecting me to CAS green screen instead of the app's screen.
I notice that when I try to login to an app via CAS, with okta as authenticator, the JSESSION changes if I do not authenticate quickly, making the service to be lost (as is stored in the session) and redirecting me to CAS green screen instead of the app's screen.
So the normal path in my setup is
1. application login page
2. redirection to cas (JSESSION creation)
3. redirection to okta
4. redirection back to cas
5. redirection back to application
but if in step 3 I do not give the credentials immediately and wait for some minutes,
the JSESSION is changing, causing the path to finish in step 4. (and not be able to create service ticket)
Have anyone faced this issue before or know how this could be fixed?
I am using cas 5.2.9 and Spring Boot Version: 1.5.12.RELEASE Apache Tomcat/8.5.35
Thank you,
Ria
Reply all
Reply to author
Forward
0 new messages