From: James Moger <james.moger@gitblit.com>
Date: Fri, 30 Nov 2012 00:11:24 +0000 (-0500)
Subject: Skip re-authentication if we have a valid session
X-Git-Tag: v1.2.0~53
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=e5c7795dc9185272365ff340698c7d2f1e6f11ab;p=gitblit.git

Skip re-authentication if we have a valid session
---

diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index 319f4436..870e22fb 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -591,6 +591,8 @@ public class GitBlit implements ServletContextListener {
 			if (user != null) {
 				GitBlitWebSession session = GitBlitWebSession.get();
 				session.authenticationType = AuthenticationType.COOKIE;
+				logger.info(MessageFormat.format("{0} authenticated by cookie from {1}",
+						user.username, httpRequest.getRemoteAddr()));
 				return user;
 			}
 		}
diff --git a/src/com/gitblit/wicket/pages/BasePage.java b/src/com/gitblit/wicket/pages/BasePage.java
index 5721adf7..d1ee2710 100644
--- a/src/com/gitblit/wicket/pages/BasePage.java
+++ b/src/com/gitblit/wicket/pages/BasePage.java
@@ -130,14 +130,18 @@ public abstract class BasePage extends WebPage {
 	}	
 
 	private void login() {
+		GitBlitWebSession session = GitBlitWebSession.get();
+		if (session.isLoggedIn() && !session.isSessionInvalidated()) {
+			// already have a session
+			return;
+		}
+		
 		// try to authenticate by servlet request
 		HttpServletRequest httpRequest = ((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest();
 		UserModel user = GitBlit.self().authenticate(httpRequest);
 
 		// Login the user
 		if (user != null) {
-			// Set the user into the session
-			GitBlitWebSession session = GitBlitWebSession.get();
 			// issue 62: fix session fixation vulnerability
 			session.replaceSession();
 			session.setUser(user);