From 3286926d2ec11445f76cd170e4c2fcff597a0754 Mon Sep 17 00:00:00 2001
From: Fabrice Bacchella <fbacchella@spamcop.net>
Date: Tue, 26 May 2015 04:48:40 -0400
Subject: [PATCH] Two slight improvement for custom UserService: - try userRealm as a file only if class is not found, other exeptions are real error - log userService only after setup, for better logging, as it can use gitblit.properties for custom .toString

---
 src/main/java/com/gitblit/wicket/pages/SessionPage.java |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/SessionPage.java b/src/main/java/com/gitblit/wicket/pages/SessionPage.java
index 0dda949..af7f211 100644
--- a/src/main/java/com/gitblit/wicket/pages/SessionPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/SessionPage.java
@@ -96,7 +96,12 @@
 					.getAttribute(Constants.AUTHENTICATION_TYPE);
 
 			// issue 62: fix session fixation vulnerability
-			session.replaceSession();
+			// but only if authentication was done in the container.
+			// It avoid double change of session, that some authentication method
+			// don't like
+			if (AuthenticationType.CONTAINER != authenticationType) {
+				session.replaceSession();
+			}			
 			session.setUser(user);
 
 			request.getSession().setAttribute(Constants.AUTHENTICATION_TYPE, authenticationType);

--
Gitblit v1.9.1