Gitblit devel
blame | history | patch | commit | commitdiff | show whitespace
James Moger
2015-05-24 79922557bf5a716fcb758e2437b36714e51368e5 
 src/main/java/com/gitblit/wicket/pages/SessionPage.java


@@ -96,7 +96,12 @@


               .getAttribute(Constants.AUTHENTICATION_TYPE);




         // issue 62: fix session fixation vulnerability


         // but only if authentication was done in the container.


         // It avoid double change of session, that some authentication method


         // don't like


         if (AuthenticationType.CONTAINER != authenticationType) {


         session.replaceSession();


         }			


         session.setUser(user);




         request.getSession().setAttribute(Constants.AUTHENTICATION_TYPE, authenticationType);