# File lib/casclient/frameworks/merb/filter.rb, line 7
        def cas_filter
          @client ||= CASClient::Client.new(config)

          service_ticket = read_ticket(self)

          cas_login_url = client.add_service_to_login_url(read_service_url(self))

          last_service_ticket = session[:cas_last_valid_ticket]
          if (service_ticket && last_service_ticket && 
              last_service_ticket.ticket == service_ticket.ticket && 
              last_service_ticket.service == service_ticket.service)

            # warn() rather than info() because we really shouldn't be re-validating the same ticket. 
            # The only time when this is acceptable is if the user manually does a refresh and the ticket
            # happens to be in the URL.
            log.warn("Reusing previously validated ticket since the new ticket and service are the same.")
            service_ticket = last_service_ticket
          elsif last_service_ticket &&
            !config[:authenticate_on_every_request] && 
            session[client.username_session_key]
            # Re-use the previous ticket if the user already has a local CAS session (i.e. if they were already
            # previously authenticated for this service). This is to prevent redirection to the CAS server on every
            # request.
            # This behaviour can be disabled (so that every request is routed through the CAS server) by setting
            # the :authenticate_on_every_request config option to false. 
            log.debug "Existing local CAS session detected for #{session[client.username_session_key].inspect}. "+
              "Previous ticket #{last_service_ticket.ticket.inspect} will be re-used."
              service_ticket = last_service_ticket
          end

          if service_ticket
            client.validate_service_ticket(service_ticket) unless service_ticket.has_been_validated?
            validation_response = service_ticket.response

            if service_ticket.is_valid?
              log.info("Ticket #{service_ticket.inspect} for service #{service_ticket.service.inspect} " + 
                "belonging to user #{validation_response.user.inspect} is VALID.")

              session[client.username_session_key] = validation_response.user
              session[client.extra_attributes_session_key] = validation_response.extra_attributes

              # Store the ticket in the session to avoid re-validating the same service
              # ticket with the CAS server.
              session[:cas_last_valid_ticket] = service_ticket
              return true
            else  
              log.warn("Ticket #{service_ticket.ticket.inspect} failed validation -- " + 
                "#{validation_response.failure_code}: #{validation_response.failure_message}")
              redirect cas_login_url
              return false
            end
          else
            log.warn("No ticket -- redirecting to #{cas_login_url}")
            redirect cas_login_url
            return false
          end
        end