From: James Moger
Date: Fri, 30 Nov 2012 00:11:24 +0000 (-0500)
Subject: Skip re-authentication if we have a valid session
X-Git-Tag: v1.2.0~53
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=e5c7795dc9185272365ff340698c7d2f1e6f11ab;p=gitblit.git
Skip re-authentication if we have a valid session
---
diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index 319f4436..870e22fb 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -591,6 +591,8 @@ public class GitBlit implements ServletContextListener {
 if (user != null) {
 GitBlitWebSession session = GitBlitWebSession.get();
 session.authenticationType = AuthenticationType.COOKIE;
+ logger.info(MessageFormat.format("{0} authenticated by cookie from {1}",
+ user.username, httpRequest.getRemoteAddr()));
 return user;
 }
 }
diff --git a/src/com/gitblit/wicket/pages/BasePage.java b/src/com/gitblit/wicket/pages/BasePage.java
index 5721adf7..d1ee2710 100644
--- a/src/com/gitblit/wicket/pages/BasePage.java
+++ b/src/com/gitblit/wicket/pages/BasePage.java
@@ -130,14 +130,18 @@ public abstract class BasePage extends WebPage {
 }
 private void login() {
+ GitBlitWebSession session = GitBlitWebSession.get();
+ if (session.isLoggedIn() && !session.isSessionInvalidated()) {
+ // already have a session
+ return;
+ }
+ // try to authenticate by servlet request
 HttpServletRequest httpRequest = ((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest();
 UserModel user = GitBlit.self().authenticate(httpRequest);
 // Login the user
 if (user != null) {
- // Set the user into the session
- GitBlitWebSession session = GitBlitWebSession.get();
 // issue 62: fix session fixation vulnerability
 session.replaceSession();
 session.setUser(user);
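Review bot: The address written by the new `logger.info` call in the cookie branch comes from `httpRequest.getRemoteAddr()`, which is the immediate peer; when Gitblit runs behind a reverse proxy every entry will carry the proxy's address rather than the client's, which limits the line's value as an audit record. Only the successful branch is logged in this hunk; the enclosing method starts and ends outside it, so I cannot tell whether a cookie that matches no user is recorded anywhere, and that failed lookup is the event someone reading authentication logs would want as well. At minimum I would document the limitation next to the call: `// remote address is the immediate peer; behind a reverse proxy this is the proxy, not the client`.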
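Review bot: The early return added at the top of `login()` trusts any live session without consulting the request or the user store again, so `GitBlit.self().authenticate(httpRequest)` is no longer reached once a session exists. From the visible lines this means that removing an account or resetting its password or cookie would not take effect until the session expires or is invalidated, and that a request presenting credentials for a different user keeps the session's user. If that trade-off is intended, the comment should say so: replace `// already have a session` with `// trust the live session; account or credential changes apply only once the session ends or is invalidated`. If it is not intended, the guard should also confirm that the session's user is still known to the user service before returning. The body of `login()` continues past the end of this hunk.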