authorizer icon indicating copy to clipboard operation
authorizer copied to clipboard
verified publisher icon uhm-coe

No logout when close CAS session

Open guaracheitor opened this issue 1 year ago • 1 comments

Hi everyone and thank-you for this great plugin!

I've managed a multisite WP. Login process is perfect, but if I close the CAS session, WP session remains open.

Any hint?

Regards, Inti

guaracheitor avatar Mar 08 '24 10:03 guaracheitor

Is your CAS server configured for SLO (Single Logout)? https://apereo.github.io/cas/7.0.x/installation/Logout-Single-Signout.html#single-logout-slo

If so, we can work on responding to that event notification. Our institution has it disabled so we never built the functionality to destroy the WordPress session on CAS logout.

Alternatively, you can shorten the length of the WordPress sessions so they invalidate quicker, requiring a round trip back to CAS to authenticate. This would at least shorten the time between CAS logout and WordPress logout. https://developer.wordpress.org/reference/hooks/auth_cookie_expiration/

figureone avatar Mar 08 '24 18:03 figureone