Hello, I have a webapp that uses Spring Security and SSO with CAS. There's also another webapp (in Classic ASP) that connect to CAS. And this situation happens sometimes:
Logged in to Java webapp and do stuff. 12 hours later (session has expired long ago) user goes to same page and it displays without redirecting to login page. This page has nocache for various web browsers so that should not be an issue.
If the user goes to the asp webapp. It asks for login so my guess is that cas had no ticket assigned for the user but how could he see the java web page?
Any help will be appreciated. Thanks