Central login: more information
What is the Central login?
The Central Login is the page where you have to log in for web applications which are shielded with the intranet user ID and password.
More technical background can be found on https://admin.kuleuven.be/icts/services/aai/tech.html.
What are the advantages?
The Central Login has two important advantages. It is both safer as easier.
- Safer:
Since the login procedure takes place central, your password will no longer pass the web application. Your password will only go via a central server.
Moreover, the complete login procedure goes over a secured channel (HTTP over SSL). SSL ensures that all information goes encrypted through the line. SSL also ensures that you are sure of the origin of the page.
More information about security can be found on https://admin.kuleuven.be/icts/info/pc-beveiliging. - Easier:
Because you log in on a central point and there is built a session, you can switch from one web application to another without logging in again.
How long do I stay logged in?
If you want to get access to a restricted web application, you need to go through the central login procedure. During this procedure, there is built a session with the central login system and with the web application. Both sessions have their own expiration.
When a web application provides its own logout, this can result in the fact that both the session with the central login system and the session with this web application has ended. The sessions that you had with other web applications are still existing. If you want to end all existing sessions with all web applications, you need to close the browser.
The former explanation is illustrated below:
- The session with the central login system has a maximum validity of 4 hours, this is renewed every time there is asked for access to a new web application.
- The session with the web application varies from application to application, standard it is set on 2 hours.
When a web application provides its own logout, this can result in the fact that both the session with the central login system and the session with this web application has ended. The sessions that you had with other web applications are still existing. If you want to end all existing sessions with all web applications, you need to close the browser.
The former explanation is illustrated below:
How do i log out?
To log out completely in all web applications, you need to close the browser or remove your session cookies. How you have to close the browser depends on which type of browser you use.
Firefox users are strongly recommended to switch off the Session Restore function, more info: http://kb.mozillazine.org/Session_Restore#Completely_disabling_session_store
THE GOLDEN RULE TO LOG OUT
Close all windows and tabs of your browser!