From ec7ed84b04cd3981ae01b104bd52fc010f31e6a7 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 25 Sep 2014 09:06:39 -0400
Subject: [PATCH] Restrict Gitblit cookie to the context path
---
 src/main/java/com/gitblit/wicket/pages/RootPage.java | 5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/src/main/java/com/gitblit/wicket/pages/RootPage.java b/src/main/java/com/gitblit/wicket/pages/RootPage.java
index b1c3639..6a933b7 100644
--- a/src/main/java/com/gitblit/wicket/pages/RootPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/RootPage.java
@@ -46,6 +46,7 @@
 import org.apache.wicket.markup.repeater.data.ListDataProvider;
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.Model;
+import org.apache.wicket.protocol.http.WebRequest;
 import org.apache.wicket.protocol.http.WebResponse;
 import com.gitblit.Constants;
@@ -269,8 +270,10 @@
 // Set Cookie
 if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, false)) {
+ WebRequest request = (WebRequest) getRequestCycle().getRequest();
 WebResponse response = (WebResponse) getRequestCycle().getResponse();
- app().authentication().setCookie(response.getHttpServletResponse(), user);
+ app().authentication().setCookie(request.getHttpServletRequest(),
+ response.getHttpServletResponse(), user);
 }
 if (!session.continueRequest()) {
--
Gitblit v1.9.1
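Review bot: The new `setCookie(request.getHttpServletRequest(), response.getHttpServletResponse(), user)` call in the second hunk changes the path the authentication cookie is issued under, but nothing in this patch shows the matching change on the code that clears it. A browser identifies a cookie by name, domain and path, so an expiry sent with the context path presumably leaves any cookie stored under the previous path in place; the logout code in the authentication manager (not visible here) should be checked to expire both. Path scoping also does not isolate the cookie from other applications on the same origin, so it is worth confirming that `setCookie` still marks it `HttpOnly` and, over HTTPS, `Secure`. I would add a comment above the call such as `// request is passed so setCookie can scope the cookie to the servlet context path`. The enclosing method starts and ends outside the hunk.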