Skip re-authentication if we have a valid session
authorJames Moger <james.moger@gitblit.com>
Fri, 30 Nov 2012 00:11:24 +0000 (19:11 -0500)
committerJames Moger <james.moger@gitblit.com>
Fri, 30 Nov 2012 00:11:24 +0000 (19:11 -0500)
src/com/gitblit/GitBlit.java
src/com/gitblit/wicket/pages/BasePage.java

index 319f4436e7475d90b3cdc571ce95bb97f63fba79..870e22fbc26d9c10a5081e735aaa49c788271f97 100644 (file)
@@ -591,6 +591,8 @@ public class GitBlit implements ServletContextListener {
                        if (user != null) {\r
                                GitBlitWebSession session = GitBlitWebSession.get();\r
                                session.authenticationType = AuthenticationType.COOKIE;\r
+                               logger.info(MessageFormat.format("{0} authenticated by cookie from {1}",\r
+                                               user.username, httpRequest.getRemoteAddr()));\r
                                return user;\r
                        }\r
                }\r
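Review bot: Only the successful branch of cookie authentication is logged here; if a presented cookie matches no user, nothing visible in this hunk records it, so rejected cookies would leave no trace for anyone reviewing this log. Consider a matching warning on the failure path that records `httpRequest.getRemoteAddr()` but never the cookie value itself. Behind a reverse proxy `getRemoteAddr()` returns the proxy's address, so the entry may not identify the actual client. The enclosing method starts and ends outside the hunk, so the failure path may already be handled there.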
index 5721adf7a3975ea01081913e6d15e25f27672274..d1ee271071b223f91b3f32f465179e183ecd023f 100644 (file)
@@ -130,14 +130,18 @@ public abstract class BasePage extends WebPage {
        }       \r
 \r
        private void login() {\r
+               GitBlitWebSession session = GitBlitWebSession.get();\r
+               if (session.isLoggedIn() && !session.isSessionInvalidated()) {\r
+                       // already have a session\r
+                       return;\r
+               }\r
+               \r
                // try to authenticate by servlet request\r
                HttpServletRequest httpRequest = ((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest();\r
                UserModel user = GitBlit.self().authenticate(httpRequest);\r
 \r
                // Login the user\r
                if (user != null) {\r
-                       // Set the user into the session\r
-                       GitBlitWebSession session = GitBlitWebSession.get();\r
                        // issue 62: fix session fixation vulnerability\r
                        session.replaceSession();\r
                        session.setUser(user);\r
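Review bot: The new early return in `login()` means a logged-in session is never checked against the user store again, so removing an account or resetting its password or cookie would presumably not take effect until the session expires or is invalidated; before this change `GitBlit.self().authenticate(httpRequest)` ran on every call of `login()`. If that trade-off is intended, state it at the return, e.g. `// already have a session; account changes apply only once this session ends`, or re-validate the session's user periodically. The same return also skips the request's own credentials, so a session keeps its identity even if the request now carries a different one. `login()` continues past the end of the hunk.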