renewAuthentication doesn't force renew if user already authenticated

[bzbzh]

Hi,

This issue is quite related with this previous one: #93.

In this issue, this fixed has been made: 96a32a1#diff-fda8f069ddbab09f78110718008adf9bb2e330db9b2a2423c17a9bb4786e2990R1226

In my opinion the removal of $this->redirectToCas(false, true); is a mistake here (or the none use of $renew parameter in isAuthenticated, see below).

Because when you arrive to isAuthenticated first lines are:

    if ( $this->_wasPreviouslyAuthenticated() ) {
            if ($this->hasTicket()) {
                // User has a additional ticket but was already authenticated
                phpCAS::trace(
                    'ticket was present and will be discarded, use renewAuthenticate()'
                );

Which is a bit ironical (besides the fact it should read "use renewAuthentication()") since we are coming from it.
In the beginning of this function, if the user was previously authenticated (either he has a ticket or no), the function will return true, and won't be using the $renew parameter.
So renew is not renewing if user is already authenticated, unless I am mistaken.

[prigaux]

I think the current behavior is ok... if used as explained on #93 :

renewAuthentication() is meant to be used instead of forceAuthentication() when your application wants to have a CAS authentication without CAS SSO. Once your application is authenticated, renewAuthentication() does not do anything anymore.

The biggest issue is the description of renewAuthentication which is clearly not adapted anymore.

NB : if you really want to ignore current session, you could call phpCAS::clearSessionValues()