short-circuit SSO?

Paul Hethmon paul.hethmon at
Mon Nov 19 13:06:48 EST 2012

It seems like if you use your own Session object, you could stuff an
indicator in there that this session is shorter in the login handler. Then
the filter could kill the session, or maybe you could hook into the
session filter?


On 11/19/12 1:00 PM, "Russell Beall" <beall at> wrote:

>That's what I see also.
>So, instead of manipulating the session, I believe there is a way to do a
>post-login filter, and I would like to use that to delete the cookies
>similar to the way our logout page works, but it would need to be past
>the point where the session needs to be referenced from those cookiesŠ
>Is that doable, or would that be too "hack"-ish and risky?
>On Nov 19, 2012, at 9:50 AM, "Cantor, Scott" <cantor.2 at> wrote:
>> On 11/19/12 12:19 PM, "Russell Beall" <beall at> wrote:
>>> I'm looking for the best way to shorten the lifetime or kill a session
>>> the IdP when the login process is complete.
>> As I said in another thread, I don't think there's a particularly clean
>> way to do it other than turning off PreviousSession and taking over SSO
>> either via external SSO or via custom login handler. I know how the
>> session gets created and used, and it's just too tied up in the
>> AuthnEngine and profile handlers.
>> -- Scott
>> --
>> To unsubscribe from this list send an email to
>>users-unsubscribe at
>To unsubscribe from this list send an email to
>users-unsubscribe at

More information about the users mailing list