From 54cc7d7c2483d7ca100a5db47f4e1e98bd97c7fe Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 25 Sep 2014 09:27:04 -0400
Subject: [PATCH] Merged #187 "Restrict Gitblit cookie to the context path"

---
 src/main/java/com/gitblit/wicket/pages/RootPage.java |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/RootPage.java b/src/main/java/com/gitblit/wicket/pages/RootPage.java
index b1c3639..6a933b7 100644
--- a/src/main/java/com/gitblit/wicket/pages/RootPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/RootPage.java
@@ -46,6 +46,7 @@
 import org.apache.wicket.markup.repeater.data.ListDataProvider;
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.Model;
+import org.apache.wicket.protocol.http.WebRequest;
 import org.apache.wicket.protocol.http.WebResponse;
 
 import com.gitblit.Constants;
@@ -269,8 +270,10 @@
 
 			// Set Cookie
 			if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, false)) {
+				WebRequest request = (WebRequest) getRequestCycle().getRequest();
 				WebResponse response = (WebResponse) getRequestCycle().getResponse();
-				app().authentication().setCookie(response.getHttpServletResponse(), user);
+				app().authentication().setCookie(request.getHttpServletRequest(),
+						response.getHttpServletResponse(), user);
 			}
 
 			if (!session.continueRequest()) {

--
Gitblit v1.9.1