diff options
| -rw-r--r-- | src/com/gitblit/GitBlit.java | 2 | ||||
| -rw-r--r-- | src/com/gitblit/wicket/pages/BasePage.java | 8 |
2 files changed, 8 insertions, 2 deletions
diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java index 319f4436..870e22fb 100644 --- a/src/com/gitblit/GitBlit.java +++ b/src/com/gitblit/GitBlit.java @@ -591,6 +591,8 @@ public class GitBlit implements ServletContextListener { if (user != null) {
GitBlitWebSession session = GitBlitWebSession.get();
session.authenticationType = AuthenticationType.COOKIE;
+ logger.info(MessageFormat.format("{0} authenticated by cookie from {1}",
+ user.username, httpRequest.getRemoteAddr()));
return user;
}
}
diff --git a/src/com/gitblit/wicket/pages/BasePage.java b/src/com/gitblit/wicket/pages/BasePage.java index 5721adf7..d1ee2710 100644 --- a/src/com/gitblit/wicket/pages/BasePage.java +++ b/src/com/gitblit/wicket/pages/BasePage.java @@ -130,14 +130,18 @@ public abstract class BasePage extends WebPage { }
private void login() {
+ GitBlitWebSession session = GitBlitWebSession.get();
+ if (session.isLoggedIn() && !session.isSessionInvalidated()) {
+ // already have a session
+ return;
+ }
+
// try to authenticate by servlet request
HttpServletRequest httpRequest = ((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest();
UserModel user = GitBlit.self().authenticate(httpRequest);
// Login the user
if (user != null) {
- // Set the user into the session
- GitBlitWebSession session = GitBlitWebSession.get();
// issue 62: fix session fixation vulnerability
session.replaceSession();
session.setUser(user);
|