Create web.rewriteSession key for use with tomcat and CAS

Fabrice Bacchella

2015-05-23 14d630b8682c425880511a2c5ddf520198f55205

 src/main/java/com/gitblit/wicket/pages/SessionPage.java

@@ -96,7 +96,12 @@
               .getAttribute(Constants.AUTHENTICATION_TYPE);

         // issue 62: fix session fixation vulnerability
         // but only if authentication was done in the container.
         // It avoid double change of session, that some authentication method
         // don't like
         if (AuthenticationType.CONTAINER != authenticationType) {
         session.replaceSession();
         }			
         session.setUser(user);

         request.getSession().setAttribute(Constants.AUTHENTICATION_TYPE, authenticationType);