GET parameter "cancel" with Choice and CAS authentication
We use ?cancel=1
in our links to clear persistent data. Now I have this use case:
- User clicks on password reset page
- User clicks on "go to portal" page
- User is back on portal but with
cancel=1
parameter - User clicks on the CAS button (we are in Choice mode)
- User is redirected to CAS server with the portal URL as service URL, which contains the
cancel=1
parameter - User is back on portal, but stil with
cancel=1
parameter, so authentication fails (the choice is lost)
The issue seems not easy to fix. My idea was to detect on portal that we have the cancel parameter. In this case we flush the persistent data like today, but we force a redirection on portal without the cancel parameter (but keeping other GET parameters).
What do you think?