	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: the "back" button on the weblogout page

To: Gavin Eadie <gavin@xxxxxxxxx>
Subject: Re: the "back" button on the weblogout page
From: Mark Montague <markmont@xxxxxxxxx>
Date: Wed, 7 Sep 2005 15:21:13 -0400 (EDT)
Cc: cosign-discuss@xxxxxxxxx
In-reply-to: <p06230916bf44c639f46f@[10.0.1.9]>
References: <p06230916bf44c639f46f@[10.0.1.9]>

On Wed, 7 Sep 2005, Gavin Eadie wrote:

I also see an Apache cosign directive which looks like it might also be useful.

CosignSiteEntry ... [ the URL to redirect to after login ]

If this is set to the URL of the application's front page, will the behavior be to bring a user who clicks "Back," as in the above scenario, to that front page and obviate the need for the application to catch the "missing session" case?


This will work in the way you ask if your application destroyed
the cosign service cookie it was using before sending the user
on to the weblogin server logout page.  When the user clicks
"back", mod_cosign on your server will see that while the user
is authenticated, that they do not have a service cookie for
the server and after doing the cosign REGISTER will then send
them off to the CosignSiteEntry.

I like Paul's solution, too, though.

                Mark Montague
                LS&A Information Technology
                markmont@xxxxxxxxx

References:
- the "back" button on the weblogout page
  - From: Gavin Eadie

Prev by Date: Re: the "back" button on the weblogout page
Next by Date: Re: mod_cosign / mod_authz_ldap behavior
Previous by thread: the "back" button on the weblogout page
Next by thread: RE: the "back" button on the weblogout page
Index(es):
- Date
- Thread