Question

We use a CAS and phpCAS to handle the actions between our PHP scripts and the CAS. For one of our more advanced web applications, CAS is only used for authentication, not for session management. During our logout script, we want to kill the CAS session, amongst other things. However, I cannot determine a way to remotely call phpCAS to kill the CAS session without some sort of action occurring in the browser.

From the phpCAS documentation:

phpCAS::logout()
After logout, the CAS server prints the logout page.

phpCAS::logoutWithRedirectService($service)
After logout, the CAS server redirects the browser to the given URL.

Option #1 redirects to the CAS logout page. Option #2 redirects to a given URL. We need an option that does neither.

Consider this code snippet:

<?php
require_once 'CAS.php';
// phpCAS client setup; host and context path are assumed for this excerpt
phpCAS::client(CAS_VERSION_2_0, 'cas.company.com', 443, '/cas');

//Kill the CAS session (phpCAS redirects the browser here, which is the problem)
phpCAS::logout();

//Kill the cookie: an empty value and an expiry in the past make the browser drop it
setcookie("our-cookie", "", 1);

//Unset hash in the database (parameterised rather than string-built)
$result = pg_query_params($connection, "UPDATE table SET field = null WHERE field = $1", array($var));

The default action of phpCAS to redirect the browser somewhere breaks this functionality. This script should never redirect the browser, will be called asynchronously, and the return will send a variable back to an ExtJS callback that modifies the current view.

Does anyone know how I can force the CAS server to end the session, with or without phpCAS, to allow this functionality to take place?


Solution

Due to the same-domain policy, it's not possible to make a proper request via GET or POST to your CAS server from a client application as an async script.

One workaround would be to include the CAS logout as a script object (similar to JSONP cross-domain requests):

function logout()
{
    // Inject a <script> whose src is the CAS logout URL; the browser sends the
    // GET (with the CAS cookie) even though the HTML response never executes.
    var head = document.getElementsByTagName('head')[0];
    var script = document.createElement('script');
    script.src = 'https://cas.company.com/logout';
    script.type = 'text/javascript';
    head.appendChild(script);
}

Negatives to this approach include:

  • You don't see the successful response from the CAS server.
  • There will be a warning logged to the console that HTML is being returned from a script tag.
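The complete client-side logout sequence built on the script-tag trick above, as an added example that is not part of the original answer or of phpCAS: the CAS logout URL is loaded first, the code waits for the browser to finish with the element, and only then is the application's own asynchronous logout endpoint called and its JSON handed to the view callback. The application endpoint name /logout.php, the origin check, and the timeout are assumptions for this illustration; `document` and `fetch` are passed in as parameters so the flow can also be exercised outside a browser.

```javascript
// Added example, not code from the original question or answer. Logs the user
// out of CAS via a cross-site <script> load (the answer's JSONP-style trick)
// and only then calls the application's own asynchronous logout endpoint.
// CAS_LOGOUT_URL and /logout.php are assumed names for this illustration.

const CAS_LOGOUT_URL = 'https://cas.company.com/logout';

// Build the <script> element. The URL is checked against the fixed CAS origin
// because a script tag whose src an attacker controls is a code injection
// point, not merely a redirect.
function buildCasLogoutScript(doc, url = CAS_LOGOUT_URL) {
  if (new URL(url).origin !== new URL(CAS_LOGOUT_URL).origin) {
    throw new Error('refusing to load a script from ' + url);
  }
  const script = doc.createElement('script');
  script.src = url;
  return script;
}

// Insert the element and wait for the browser to finish with it. All we need
// is for the GET to reach the CAS server; the HTML it returns will never run
// as JavaScript, so `load`, `error` (e.g. the response blocked by
// X-Content-Type-Options: nosniff) and a timeout are all treated as "sent".
function triggerCasLogout(doc, { url = CAS_LOGOUT_URL, timeoutMs = 3000 } = {}) {
  return new Promise((resolve) => {
    const script = buildCasLogoutScript(doc, url);
    let timer = null;
    let settled = false;
    const done = (how) => {
      if (settled) return;
      settled = true;
      clearTimeout(timer);
      if (script.parentNode) script.parentNode.removeChild(script);
      resolve(how);
    };
    script.onload = () => done('load');
    script.onerror = () => done('error');
    timer = setTimeout(() => done('timeout'), timeoutMs);
    doc.head.appendChild(script);
  });
}

// The sequence the question describes, with no browser redirect: CAS logout
// first, then the app's own logout script (which must no longer call
// phpCAS::logout()), then the server's JSON goes to the view callback.
async function logout(doc, fetchFn, onDone, opts) {
  const cas = await triggerCasLogout(doc, opts);
  const resp = await fetchFn('/logout.php', { method: 'POST', credentials: 'same-origin' });
  const app = await resp.json();
  const result = { cas, app };
  onDone(result);
  return result;
}
```

In a page this is called as `logout(document, (u, o) => fetch(u, o), view.onLoggedOut)`. Two things to verify on your own deployment before relying on it: the script-tag GET only ends the CAS session if the browser attaches the CAS cookie to that cross-site request, and browsers that default cookies to SameSite=Lax do not send them on cross-site script loads, so check on the CAS server that the ticket-granting cookie actually arrives; and the server-side logout script must return plain JSON and never call phpCAS::logout(), otherwise the redirect the question complains about reappears in the asynchronous response.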
License: CC-BY-SA with attribution