Gitblit devel
parent: 5cc0a69a | patch | commit | ignore whitespace
James Moger
2015-05-24 79922557bf5a716fcb758e2437b36714e51368e5 
Merge pull request #262 from fbacchella/keepsession

Do not replace session when authentication type is CONTAINER
1 files modified
7 ■■■■ changed files
src/main/java/com/gitblit/wicket/pages/SessionPage.java 7 ●●●● patch | view | raw | blame | history 
 src/main/java/com/gitblit/wicket/pages/SessionPage.java


@@ -96,7 +96,12 @@


                    .getAttribute(Constants.AUTHENTICATION_TYPE);




            // issue 62: fix session fixation vulnerability


            session.replaceSession();


            // but only if authentication was done in the container.


            // It avoid double change of session, that some authentication method


            // don't like


            if (AuthenticationType.CONTAINER != authenticationType) {


                session.replaceSession();


            }			


            session.setUser(user);




            request.getSession().setAttribute(Constants.AUTHENTICATION_TYPE, authenticationType);