From 62e0259129fa7147a3899244569c05f4e7fd3b7c Mon Sep 17 00:00:00 2001
From: Joel Johnson <joel.johnson@issinc.com>
Date: Tue, 14 Jul 2015 15:59:29 -0400
Subject: [PATCH] prevent session fixation for external authentication

---
 src/main/java/com/gitblit/wicket/pages/UserPage.java |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/UserPage.java b/src/main/java/com/gitblit/wicket/pages/UserPage.java
index e21431d..6e7e7a7 100644
--- a/src/main/java/com/gitblit/wicket/pages/UserPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/UserPage.java
@@ -252,9 +252,11 @@
 			availableTransports.add(Transport.SSH);
 		}
 		if (app().services().isServingHTTP()) {
-			availableTransports.add(Transport.HTTPS);
 			availableTransports.add(Transport.HTTP);
 		}
+		if (app().services().isServingHTTPS()) {
+			availableTransports.add(Transport.HTTPS);
+		}
 		if (app().services().isServingGIT()) {
 			availableTransports.add(Transport.GIT);
 		}

--
Gitblit v1.9.1