My app uses Central Authentication Service (CAS) to login to the app. For those unfamiliar, this means I have a Ring middleware that redirects visitors to the server page where they login, and are then bounced back to my site with some added information, including a “?ticket=AKJF2390JKl” type string in the URL. This string is the problem; by now they are already logged in, so this means there is a time I no longer need that ticket number. However, I’m having trouble figuring out how and when to remove that string. I have various middlewares set up to look at the request so far, and I can locate two places that string appears in the request map (that’s [:params :ticket] and [:query-string]), but dissocing those two keys doesn’t change what URL the page gets in the end (e.g. “http://mysite.com/?ticket=blahblah”). Not only is this unsightly, but it results in refresh failing on the page because the ticket is one-time use (though refresh works fine when you remove the ticket string altogether after they’ve logged in, as by that point it’s cookie-powered).
So, if I can remove an end-result query string by disocing from the request map with my middleware, my question is this:
- What do I need to dissoc in order to see a change in the end-user URL?
- When in the middle-ware cycle do I need to perform this dissoc?
If dissoc isn’t the answer, what is?