For the sites that use the CAS module to handle single sign on and single sign out, the auto logout functionality doesn't kill the cas session. Since the cas session isn't killed, users can reload the page and their session will be restored even after a drupal logout.

Maybe there can be an admin checkbox to enable support for cas? Or maybe just check if the module is enabled then log them out of cas as well.

Use the cas_logout() function to properly log out of drupal and cas.

Thanks for the nice module!

Comments

johnennew’s picture

johnennew commented
Status: Active » Postponed

This probably could be done but needs someone to write the code. Marking as postponed for someone to take up the challenge.

ibakayoko’s picture

ibakayoko commented

I was able to achieve the logout with cas on drupal 7 by modifying the _autologout_logout function see code below:

function _autologout_logout() {
  global $user;

  if (variable_get('autologout_use_watchdog', FALSE)) {
    watchdog('user', 'Session automatically closed for %name by autologout.', array('%name' => $user->name));
  }

  if (module_exists('cas')) {
      cas_logout(TRUE);
  } else {
      // Destroy the current session.
      module_invoke_all('user_logout', $user);
      session_destroy();

      // Load the anonymous user.
      $user = drupal_anonymous_user();
  }
}
the_g_bomb’s picture

the_g_bomb commented
Issue summary: View changes
Status: Postponed » Closed (won't fix)
Issue tags: +DevDaysAthens2026

The last comment is 10 years old; closing due to lack of response.
This is for an unsupported version.
Please reopen if this is still needed in a more recent branch.

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.