cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Cosign @ uMich and logging out
We use the example perl logout script that comes with the cosign src
distribution. We install it locally on each protected service in
/cgi-bin/logout (wish I'd chosen another URI, but it works). This
1. expires the service cookie
1a. can be modified to do whatever other clean-up you like (freeing
DB sessions, for example).
2. redirects the user to our central logout cgi (the one written in
C) and that prompts the user to logout.
We link to /cgi-bin/logout from all of our applications with a visible
"logout" link and encourage other application providers to do the same.
We have not published a central "logout" url, but visiting
"https://weblogin.umich.edu/" when already authenticated displays a
list of protected services and a link to the central logout CGI.
On Feb 28, 2005, at 10:43 PM, Brett Lomas wrote:
Hi Kevin, and others
just a quick question I have about how you guys have deployed CoSign.
How have you handled logouts from applications? The reason I ask is we
are in the process of converting our top applications to use CoSign and
are wrestling with the logout idea and are wondering if we should
any idea of logging out of the application etc. Also, how do you get
students to logout of CoSign in general? do you publish the URL and
have to go there manually?
... "I love being weird, or at least, I've made my
peace with it." ...