Shib with REST and AJAX Best Practices
Peter Schober
peter.schober at univie.ac.at
Tue Sep 13 14:10:56 BST 2011
* Russell J Yount <rjy at cmu.edu> [2011-09-13 14:17]:
> One possible alternative I have suggested would be to have the
> application manage its own session (using on authentication page
> protected by Shibboleth).
Leaving session management for your protected resource to the
application (instead of the webserver by means of mod_shib) does not
avoid the app having to authenticate /somewhere/ once correctly.
It just means you'll have two sessions to take care of, one of which
can be forgotten about (low timeout value) after a minute or two.
-peter
More information about the users
mailing list