You may notice that if you log out of the application, you get the logout confirmation page. However, if you click on a protected page, such as the My Events page, you are still authenticated. The problem is that the logout is only occurring locally. So when you request for another protected resource in the JBCP Calendar application, a login is requested from the CAS Server. Since the user is still logged in to the CAS Server, it immediately returns a Service Ticket and logs the user back into the JBCP Calendar application.
This also means that if the user had signed in to other applications using the CAS Server, they would still be authenticated to those applications, since our
Calendar application does not know anything about the ...