Consumed tickets
alexsilva opened this issue · 2 comments
I did not understand exactly why a ticket can only be used one time. If I check if it is valid only one time it is no longer valid because it was consumed.
This forces the user to log in all the time on the site!
Can anyone give me a hand in this issue ?
A service ticket is intended to be used only once by design, as part of the authentication negotiation between the client and the server. Once successfully authenticated, the user is logged in with a standard Django session and the session duration is controlled by Django (the default is two weeks). The ticket is consumed as part of that process for security, to ensure it cannot be reused by that user or anyone else.
If you're having to log in every time you hit a SSO configured site, check to make sure the authentication is succeeding and the sessions are being created as expected. You can use the stock ModelBackend to take CAS completely out of the picture and verify behavior.
Thanks!
I was unsure how the project worked, but this solved django-cas-consumer