Do not set cookies for sessions authenticated via certificate or container

diff --git a/src/main/java/com/gitblit/GitBlit.java b/src/main/java/com/gitblit/GitBlit.java
index ef739780f5c682fb20d8e0632b369856e28f7438..ecd4662c0727b5333ee7e051bec34e3cfef41d4d 100644 (file)
--- a/src/main/java/com/gitblit/GitBlit.java
+++ b/src/main/java/com/gitblit/GitBlit.java
@@ -929,7 +929,10 @@ public class GitBlit implements ServletContextListener {
                if (userService == null) {
                        return;
                }
-               if (userService.supportsCookies()) {
+               GitBlitWebSession session = GitBlitWebSession.get();
+               boolean standardLogin = session.authenticationType.isStandard();
+
+               if (userService.supportsCookies() && standardLogin) {
                        Cookie userCookie;
                        if (user == null) {
                                // clear cookie for logout