From e5c7795dc9185272365ff340698c7d2f1e6f11ab Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 29 Nov 2012 19:11:24 -0500
Subject: [PATCH] Skip re-authentication if we have a valid session

---
 src/com/gitblit/GitBlit.java               |    2 ++
 src/com/gitblit/wicket/pages/BasePage.java |    8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index 319f443..870e22f 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -591,6 +591,8 @@
 			if (user != null) {
 				GitBlitWebSession session = GitBlitWebSession.get();
 				session.authenticationType = AuthenticationType.COOKIE;
+				logger.info(MessageFormat.format("{0} authenticated by cookie from {1}",
+						user.username, httpRequest.getRemoteAddr()));
 				return user;
 			}
 		}
diff --git a/src/com/gitblit/wicket/pages/BasePage.java b/src/com/gitblit/wicket/pages/BasePage.java
index 5721adf..d1ee271 100644
--- a/src/com/gitblit/wicket/pages/BasePage.java
+++ b/src/com/gitblit/wicket/pages/BasePage.java
@@ -130,14 +130,18 @@
 	}	
 
 	private void login() {
+		GitBlitWebSession session = GitBlitWebSession.get();
+		if (session.isLoggedIn() && !session.isSessionInvalidated()) {
+			// already have a session
+			return;
+		}
+		
 		// try to authenticate by servlet request
 		HttpServletRequest httpRequest = ((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest();
 		UserModel user = GitBlit.self().authenticate(httpRequest);
 
 		// Login the user
 		if (user != null) {
-			// Set the user into the session
-			GitBlitWebSession session = GitBlitWebSession.get();
 			// issue 62: fix session fixation vulnerability
 			session.replaceSession();
 			session.setUser(user);

--
Gitblit v1.9.1