Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter mj_mccormack

    (@mj_mccormack)

    Changing if ( empty($_SESSION['phpCAS']['user'])) in the above function to if (!phpCAS::isAuthenticated()) removes the dependency on the phpCAS session variable.

    Thread Starter mj_mccormack

    (@mj_mccormack)

    OK, just in case anyone needs this in their CAS implementation: getting single sign out to work requires two parts.

    First, add a call to phpCAS::handleLogoutRequests() in cas-authentication.php (or wpcas/wpcas.php if you are using it), around line 57 in the “if ($cas_configured)” block.

    This catches the sign out event from your CAS server and clears the phpCAS session var(s).

    Second, you’ll need to add an additional check in the get_currentuserinfo() function to check for the CAS session var(s), as well as the cookies, before returning the user (or not). I’m doing this by overriding this pluggable function. Here’s the updated/overridden function:

    if ( !function_exists('get_currentuserinfo') ) :
    /**
     ...
     */
    function get_currentuserinfo() {
    	global $current_user;
    
    	if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
    		return false;
    
    	if ( !empty($current_user) )
    		return;
    
    	// --- Start of Additional CAS check
    
    	// phpCAS sets a server side var in the session when someone logs in
    	// and clears it when they logout (phpCAS::handleLogoutRequests)
    	// so if it's not set, they are not logged in using CAS
    	if ( empty($_SESSION['phpCAS']['user']))
    		return;
    
    	// --- End of Additional CAS check
    
    	// ...
    }
    endif;

    Hope this helps some of you, and if anyone thinks of a better way of doing this, let me know.

    Martin
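The two parts from the post combined with the phpCAS::isAuthenticated() variant from the follow-up reply, as an added example that is not the poster's or the plugin's own code. The example_* names, host names and certificate path are placeholders, and restricting the logout senders and dropping the stale WordPress cookie are this example's own choices.

```php
<?php
// Added example; example_* names, host names and paths are placeholders.
require_once 'CAS.php'; // phpCAS loader; adjust to your install

define('EXAMPLE_CAS_HOST', 'cas.example.edu');

/** Part 1: run once per request, before any authentication check. */
function example_cas_bootstrap() {
    // The fifth argument (service base URL) is required by phpCAS 1.6+; omit
    // it on older releases. Leave phpCAS's session-id change enabled (the
    // default): single sign out finds the session to destroy through it.
    phpCAS::client(CAS_VERSION_2_0, EXAMPLE_CAS_HOST, 443, '/cas',
        'https://wp.example.edu');
    phpCAS::setCasServerCACert('/etc/ssl/certs/example-cas-ca.pem');

    // Keep the client check on and name the CAS host(s) allowed to send
    // logout requests, so other hosts cannot end users' sessions.
    phpCAS::handleLogoutRequests(true, array(EXAMPLE_CAS_HOST));
}

/** Part 2: true only while phpCAS still considers the user signed in.
 *  example_cas_bootstrap() must already have run in this request. */
function example_cas_session_is_live() {
    return phpCAS::isAuthenticated();
}

if ( !function_exists('get_currentuserinfo') ) :
function get_currentuserinfo() {
    global $current_user;

    if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
        return false;

    if ( !empty($current_user) )
        return;

    // CAS signed the user out: do not trust the WordPress cookies. Drop them
    // if present and set the anonymous user rather than leaving it unset.
    if ( !example_cas_session_is_live() ) {
        if ( !empty($_COOKIE[LOGGED_IN_COOKIE]) )
            wp_clear_auth_cookie();
        wp_set_current_user(0);
        return false;
    }

    // ... the cookie validation from WordPress core's own function follows
}
endif;
```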
