Author: kkolinko Date: Sun Nov 11 16:42:02 2012 New Revision: 1408044 URL: http://svn.apache.org/viewvc?rev=1408044&view=rev Log: Merged revision 1408043 from tomcat/trunk: In FormAuthenticator: If it is configured to change Session IDs, do the change before displaying the login form.
Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1408043
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1408044&r1=1408043&r2=1408044&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java Sun Nov 11 16:42:02 2012
@@ -31,6 +31,7 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.Manager;
 import org.apache.catalina.Realm;
 import org.apache.catalina.Session;
 import org.apache.catalina.connector.Request;
@@ -404,6 +405,15 @@ public class FormAuthenticator
 return;
 }
+ if (getChangeSessionIdOnAuthentication()) {
+ Session session = request.getSessionInternal(false);
+ if (session != null) {
+ Manager manager = request.getContext().getManager();
+ manager.changeSessionId(session);
+ request.changeSessionId(session.getId());
+ }
+ }
+ // Always use GET for the login page, regardless of the method used
 String oldMethod = request.getMethod();
 request.getCoyoteRequest().method().setString("GET");
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1408044&r1=1408043&r2=1408044&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sun Nov 11 16:42:02 2012
@@ -114,6 +114,10 @@ <bug>54127</bug>: Add support for sending a WebSocket Ping. Patch provided by Sean Winterberger. (markt) </add> + <fix> + In FormAuthenticator: If it is configured to change Session IDs, + do the change before displaying the login form. (kkolinko) + </fix> </changelog> </subsection> <subsection name="Coyote">
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
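Review bot: The block added in the second FormAuthenticator.java hunk calls `manager.changeSessionId(session)` on the result of `request.getContext().getManager()` without a null check, and it has no comment saying why the ID is rotated at this point. If a context can run without a Manager (not visible from this hunk), wrap the two calls in `if (manager != null) {` so that displaying the login form cannot fail with a NullPointerException. A comment such as `// Rotate any pre-login session ID before the login form is shown, so an ID set before login is not the one the login exchange runs under.` would record the intent, which the log message suggests is session-fixation hardening. It is worth stating in the same comment that this does not replace changing the ID again on successful authentication, which this hunk does not show. The enclosing method starts and ends outside the hunk.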