I've encountered quite unexpected problem using Tomcat and CAS authorization. I just cannot logout in Firefox. I'm redirected to the logout page, but as soon as I reenter application url in the address bar, it is opened as if I'm logged (and I'm logged actually!).
First I've take a notable amount of attempts to fix something in tomcat config, then I've read logs, but nothing helped me actually before it comes up to my mind to check logout behavior in other browsers.
In other browsers everything work just as expected. And I'm just stuck and would appreciate if one will give me a hint.
I guess [this question][1] is in some way relative with mine, but, helas, disabling caching on the page which should me logouted doesn't help either.
UPD: Some debug information. Firefox's version is 7.0.1, unfortunately, it is not a public application and I can not provide any url. It looks like response.sendRedirect output is something that Firefox is missing. Here is minimal code that works in any browser except Firefox.
session.invalidate();
response.sendRedirect("https://app:8552/cas/logout");
HEADERS 1st REQUEST - which invalidates session and redirect to CAS logout page
REQUEST HEADERS
- Host: dev.service.net
- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
- Accept-Language: en-us,en;q=0.5
- Accept-Encoding: gzip, deflate
- Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
- Connection: keep-alive
- Referer: http://dev.service.net/
- Cookie: JSESSIONID=53B9469EFE9F130E9694F7406BFAB755
RESPONSE HEADERS
- Server: nginx/1.0.4
- Date: Thu, 20 Oct 2011 09:20:45 GMT
- Content-Type: text/html
- Content-Length: 184
- Location: https://dev:8552/cas/logout
2nd REQUEST - cas logout page itself
REQUEST HEADERS
- Host: dev:8552
- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
- Accept-Language: en-us,en;q=0.5
- Accept-Encoding: gzip, deflate
- Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
- Connection: keep-alive
- Referer: http://dev.service.net/
- Cookie: JSESSIONID=8A68F008825A0F0D14C6BF803E1332CF; GUEST_LANGUAGE_ID=en_US; COOKIE_SUPPORT=true
RESPONSE HEADERS
- Server: Apache-Coyote/1.1
- Pragma: no-cache
- Expires: Thu, 01 Jan 1970 00:00:00 GMT
- Cache-Control: no-cache, no-store
- Content-Type: text/html;charset=UTF-8
- Content-Language: en-US
- Content-Length: 1226
- Date: Thu, 20 Oct 2011 15:53:57 GMT
3rd REQUEST - we are retuninig to the page which actually should redirect us to login page, but it does not.
REQUEST HEADERS
- Host: dev.service.net
- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
- Accept-Language: en-us,en;q=0.5
- Accept-Encoding: gzip, deflate
- Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
- Connection: keep-alive
- Cookie: JSESSIONID=53B9469EFE9F130E9694F7406BFAB755
RESPONSE HEADERS
- Server: Apache-Coyote/1.1
- Pragma: no-cache
- Expires: Thu, 01 Jan 1970 00:00:00 GMT
- Cache-Control: no-cache, no-store
- Content-Type: text/html;charset=UTF-8
- Content-Language: en-US
- Content-Length: 1226
- Date: Thu, 20 Oct 2011 13:30:51 GMT