I have found the solution. For each web application which is being authenticated through CAS needs to set their own session-timeout settings in web.xml
. Once the session times out for the application, it goes for an authentication at the CAS server. If the ticket has more life, you will be redirected to defaultTargetUrl
, if specified. If the ticket is expired, you will be prompted for the credentials again.
How I have configured is that, keeping the ticket expiry to same as the session timeout in my web applications. Once the session times out at my web application, it goes and finds that the ticket is already expired since the validity is same as that of the web application and prompts to login again.