From 54cc7d7c2483d7ca100a5db47f4e1e98bd97c7fe Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 25 Sep 2014 09:27:04 -0400
Subject: [PATCH] Merged #187 "Restrict Gitblit cookie to the context path"

---
 src/main/java/com/gitblit/wicket/pages/SessionPage.java |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/SessionPage.java b/src/main/java/com/gitblit/wicket/pages/SessionPage.java
index 7a58175..7717854 100644
--- a/src/main/java/com/gitblit/wicket/pages/SessionPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/SessionPage.java
@@ -58,9 +58,11 @@
 
 			if (user == null || user.disabled) {
 				// user was deleted/disabled during session
+				HttpServletRequest request = ((WebRequest) getRequestCycle().getRequest())
+						.getHttpServletRequest();
 				HttpServletResponse response = ((WebResponse) getRequestCycle().getResponse())
 						.getHttpServletResponse();
-				app().authentication().logout(response, user);
+				app().authentication().logout(request, response, user);
 				session.setUser(null);
 				session.invalidateNow();
 				return;
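Review bot: The `request` added here is scoped to this `if` block, yet the `logout(request, response, user)` call in the next hunk has no declaration in view, so it must bind to a different `request` declared in lines the diff does not show. The third hunk then declares `request` again as a `WebRequest` rather than an `HttpServletRequest`, so one name carries two types within what looks like a single method. Consider unwrapping both objects once at the top of the method, e.g. `HttpServletRequest request = ((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest();` with a matching `response`, and reusing them at all three call sites. This makes it obvious that `setCookie` and both `logout` calls receive the same request and therefore the same cookie path. The enclosing method starts and ends outside this hunk.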
@@ -76,7 +78,7 @@
 						// cookie was changed during our session
 						HttpServletResponse response = ((WebResponse) getRequestCycle().getResponse())
 								.getHttpServletResponse();
-						app().authentication().logout(response, user);
+						app().authentication().logout(request, response, user);
 						session.setUser(null);
 						session.invalidateNow();
 						return;
@@ -99,8 +101,10 @@
 			session.setUser(user);
 
 			// Set Cookie
+			WebRequest request = (WebRequest) getRequestCycle().getRequest();
 			WebResponse response = (WebResponse) getRequestCycle().getResponse();
-			app().authentication().setCookie(response.getHttpServletResponse(), user);
+			app().authentication().setCookie(request.getHttpServletRequest(),
+					response.getHttpServletResponse(), user);
 
 			session.continueRequest();
 		}
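Review bot: Nothing at the `setCookie(request, response, user)` call records why the request is now required, and the pairing with `logout` is what matters for security. Going by the commit subject, the cookie path is presumably derived from the request's context path inside the authentication manager, which this diff does not show. Browsers key cookies by name, domain and path, so an expiry cookie only clears the login cookie if both are written with the same path. I would add a comment above the call such as `// Path is derived from the request's context path; logout() must receive the same request so its expiry cookie matches.` Two things are worth confirming in the manager: that a cookie issued before this change under a broader path is also expired on logout, and that the context path seen by the servlet matches the externally visible path when running behind a rewriting reverse proxy.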

--
Gitblit v1.9.1