From 62e0259129fa7147a3899244569c05f4e7fd3b7c Mon Sep 17 00:00:00 2001
From: Joel Johnson <joel.johnson@issinc.com>
Date: Tue, 14 Jul 2015 15:59:29 -0400
Subject: [PATCH] prevent session fixation for external authentication
---
 src/main/java/com/gitblit/wicket/pages/LogoutPage.java | 3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/main/java/com/gitblit/wicket/pages/LogoutPage.java b/src/main/java/com/gitblit/wicket/pages/LogoutPage.java
index 27542bd..a8ae7d0 100644
--- a/src/main/java/com/gitblit/wicket/pages/LogoutPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/LogoutPage.java
@@ -27,7 +27,8 @@
 super();
 GitBlitWebSession session = GitBlitWebSession.get();
 UserModel user = session.getUser();
- app().authentication().logout(((WebResponse) getResponse()).getHttpServletResponse(), user);
+ app().authentication().logout(((WebRequest) getRequest()).getHttpServletRequest(),
+ ((WebResponse) getResponse()).getHttpServletResponse(), user);
 session.invalidate();
 /*
--
Gitblit v1.9.1
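Review bot: The call to `app().authentication().logout(...)` now passes the servlet request, but nothing in the hunk says why, and the fix named in the subject lives entirely inside `logout()`, which is not shown here. A one-line comment above the call would help, for example `// request is passed so logout() can also end the container HttpSession, not only the Wicket session` (wording to be confirmed against the `logout()` implementation). `user` comes from `session.getUser()` and may presumably be null when an unauthenticated visitor opens this page, so the three-argument `logout()` should be checked to tolerate a null user before it touches the request's session. The constructor body starts and ends outside the hunk.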