Skip re-authentication if we have a valid session

author: James Moger <james.moger@gitblit.com> 2012-11-29 19:11:24 -0500
committer: James Moger <james.moger@gitblit.com> 2012-11-29 19:11:24 -0500
commit: e5c7795dc9185272365ff340698c7d2f1e6f11ab (patch)
tree: da562ecf3d3b8c361219b273f25dddc763908d56 /src/com/gitblit/wicket/pages/BasePage.java
parent: 5f3966fed628b25ffb73cb8750ba636fa487037d (diff)
download: gitblit-e5c7795dc9185272365ff340698c7d2f1e6f11ab.tar.gz
gitblit-e5c7795dc9185272365ff340698c7d2f1e6f11ab.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/src/com/gitblit/wicket/pages/BasePage.java b/src/com/gitblit/wicket/pages/BasePage.java
index 5721adf7..d1ee2710 100644
--- a/src/com/gitblit/wicket/pages/BasePage.java
+++ b/src/com/gitblit/wicket/pages/BasePage.java
@@ -130,14 +130,18 @@ public abstract class BasePage extends WebPage {
 	}	
 
 	private void login() {
+		GitBlitWebSession session = GitBlitWebSession.get();
+		if (session.isLoggedIn() && !session.isSessionInvalidated()) {
+			// already have a session
+			return;
+		}
+		
 		// try to authenticate by servlet request
 		HttpServletRequest httpRequest = ((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest();
 		UserModel user = GitBlit.self().authenticate(httpRequest);
 
 		// Login the user
 		if (user != null) {
-			// Set the user into the session
-			GitBlitWebSession session = GitBlitWebSession.get();
 			// issue 62: fix session fixation vulnerability
 			session.replaceSession();
 			session.setUser(user);
author	James Moger <james.moger@gitblit.com>	2012-11-29 19:11:24 -0500
committer	James Moger <james.moger@gitblit.com>	2012-11-29 19:11:24 -0500
commit	e5c7795dc9185272365ff340698c7d2f1e6f11ab (patch)
tree	da562ecf3d3b8c361219b273f25dddc763908d56 /src/com/gitblit/wicket/pages/BasePage.java
parent	5f3966fed628b25ffb73cb8750ba636fa487037d (diff)
download	gitblit-e5c7795dc9185272365ff340698c7d2f1e6f11ab.tar.gz gitblit-e5c7795dc9185272365ff340698c7d2f1e6f11ab.zip