- From: Olivier Berger
- To:
- Subject: [phpcas-users] Improved example_simple.php to add a redirection so that URL no longer exhibits 'ticket' arg
- Date: Fri, 22 Aug 2008 18:27:50 +0200
Hi.
When trying example_simple.php I get successfully authenticated, but after
the redirection from the CAS server, example_simple.php is invoked with
the ticket arg, which stays in the URL of the page.
So if I try to reload that page, it says the ticket is invalid and that
I need to re-authenticate :
"You may submit your request again by clicking here."
Of course this points back to the script without the ticket arg, and
this time access is granted immediately.
I think this is of course demonstrating the protocol, but is not really
representative of what users may be expected to see in web applications
that would be cas-ified. If URLs of these apps contain the 'ticket' arg,
then reloading in the browser would fail ?
Then I think that when the script is called back with the ST ticket upon
successful login, it should then appear to the user without any 'ticket'
arg in the URL.
This can be achieved with one more redirection to itself, without the
ticket arg this time...
Thus, may I suggest that the example_simple.php be complemented with
something like this after the 'logout' param test:
    // Redirect to the script itself so the 'ticket' arg leaves the URL
    if (isset($_REQUEST['ticket'])) {
        $host = $_SERVER['HTTP_HOST'];
        $uri = $_SERVER['SCRIPT_NAME'];
        header("Location: http://$host$uri");
        exit;
    }
Comments, remarks ?
Best regards,
--
Olivier BERGER
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
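Added example (not part of the original message or of phpCAS): a variant of the redirect suggested above that removes only the 'ticket' query parameter, keeps the other parameters, and builds the target from a configured base URL instead of the Host request header. APP_BASE_URL and url_without_ticket() are hypothetical names, and the request arrays are constructed samples.

```php
<?php
// Hypothetical setting: the application's fixed origin, used so that the
// redirect target does not depend on the client-supplied Host header.
const APP_BASE_URL = 'https://app.example.org';

/**
 * Return the URL to redirect to once the ticket has been validated,
 * or null when the query string carries no 'ticket' parameter.
 */
function url_without_ticket(array $server, string $baseUrl): ?string
{
    $query = [];
    parse_str($server['QUERY_STRING'] ?? '', $query);
    if (!array_key_exists('ticket', $query)) {
        return null; // nothing to strip, so no extra redirect
    }
    unset($query['ticket']); // drop only the service ticket

    $url = rtrim($baseUrl, '/') . ($server['SCRIPT_NAME'] ?? '/');
    if ($query !== []) {
        // Re-encode the remaining parameters for use in the Location header
        $url .= '?' . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
    }
    return $url;
}

// Constructed sample requests, shaped like the relevant $_SERVER entries
$samples = [
    ['SCRIPT_NAME' => '/example_simple.php', 'QUERY_STRING' => 'ticket=ST-1-constructed'],
    ['SCRIPT_NAME' => '/example_simple.php', 'QUERY_STRING' => 'page=2&ticket=ST-1-constructed&lang=fr'],
    ['SCRIPT_NAME' => '/example_simple.php', 'QUERY_STRING' => 'page=2'],
];
foreach ($samples as $s) {
    $target = url_without_ticket($s, APP_BASE_URL);
    echo $s['QUERY_STRING'], ' => ', $target ?? '(no redirect)', PHP_EOL;
}

// In the real script, once the ticket has been validated and the session is set:
// $target = url_without_ticket($_SERVER, APP_BASE_URL);
// if ($target !== null) { header('Location: ' . $target, true, 302); exit; }
```

This handles a ticket passed in the query string only, whereas the snippet in the message tests $_REQUEST.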