From 8b6653a82eceb8621c78b716911540564dadd4b7 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 23 Sep 2013 10:02:07 -0400
Subject: Return cloned usermodel on cookie authentication

---
 src/main/java/com/gitblit/ConfigUserService.java | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/main/java/com/gitblit/ConfigUserService.java')

diff --git a/src/main/java/com/gitblit/ConfigUserService.java b/src/main/java/com/gitblit/ConfigUserService.java
index 8a6c92f9..0d828aec 100644
--- a/src/main/java/com/gitblit/ConfigUserService.java
+++ b/src/main/java/com/gitblit/ConfigUserService.java
@@ -208,6 +208,12 @@ public class ConfigUserService implements IUserService {
 		if (cookies.containsKey(hash)) {
 			model = cookies.get(hash);
 		}
+		
+		if (model != null) {
+			// clone the model, otherwise all changes to this object are
+			// live and unpersisted
+			model = DeepCopier.copy(model);
+		}
 		return model;
 	}
 
-- 
cgit v1.2.3