Re: Cosign @ uMich and logging out

[Mark Montague <markmont@xxxxxxxxx>]

On Mon, 28 Feb 2005, kevin mcgowan wrote:

> We use the example perl logout script that comes with the cosign src
> distribution.
> >
> > just a quick question I have about how you guys have deployed CoSign.
> > How have you handled logouts from applications? The reason I ask is we
> > are in the process of converting our top applications to use CoSign and
> > are wrestling with the logout idea and are wondering if we should
> > remove
> > any idea of logging out of the application etc. Also, how do you get
> > students to logout of CoSign in general? do you publish the URL and
> > they
> > have to go there manually?

One thing you need to keep in mind is that if a user logs out of
the application but does not log out of the central cosign servers,
then they will automatically and transparently given a new service
cookie for the application if they re-visit it.

For many applications, this is not a problem, just something that
you need to be aware of and possibly explain to your users.

For some applications, though, you may not want users re-entering
the application through any old URL.  Some applications may require
session-setup such as license checkout, session files created by/
within the application, etc.  For these types of applications, you
can use the CosignSiteEntry directive -- if a cosign service-cookie
is not already set, the user will be redirected to the URL
specified by this directive so that session initialzation specific
to the web application can be done.

I hope this helps.

            Mark Montague
            LS&A Information Technology (not a part of Kevin's team)
            markmont@xxxxxxxxx