From 54cc7d7c2483d7ca100a5db47f4e1e98bd97c7fe Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 25 Sep 2014 09:27:04 -0400
Subject: [PATCH] Merged #187 "Restrict Gitblit cookie to the context path"

---
 src/main/java/com/gitblit/wicket/pages/ChangePasswordPage.java |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/ChangePasswordPage.java b/src/main/java/com/gitblit/wicket/pages/ChangePasswordPage.java
index 4c8d3a1..a6aca22 100644
--- a/src/main/java/com/gitblit/wicket/pages/ChangePasswordPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/ChangePasswordPage.java
@@ -23,6 +23,7 @@
 import org.apache.wicket.markup.html.form.StatelessForm;
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.Model;
+import org.apache.wicket.protocol.http.WebRequest;
 import org.apache.wicket.protocol.http.WebResponse;
 
 import com.gitblit.GitBlitException;
@@ -99,8 +100,10 @@
 				try {
 					app().gitblit().reviseUser(user.username, user);
 					if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, false)) {
+						WebRequest request = (WebRequest) getRequestCycle().getRequest();
 						WebResponse response = (WebResponse) getRequestCycle().getResponse();
-						app().authentication().setCookie(response.getHttpServletResponse(), user);
+						app().authentication().setCookie(request.getHttpServletRequest(),
+								response.getHttpServletResponse(), user);
 					}
 				} catch (GitBlitException e) {
 					error(e.getMessage());

--
Gitblit v1.9.1