/[Apache-SVN]/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
ViewVC logotype

Diff of /tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java	2012/12/06 13:58:22	1417890
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java	2012/12/06 13:58:59	1417891
@@ -31,6 +31,7 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.catalina.Globals;
+import org.apache.catalina.Manager;
 import org.apache.catalina.Realm;
 import org.apache.catalina.Session;
 import org.apache.catalina.connector.Request;
@@ -322,6 +323,15 @@ public class FormAuthenticator
                     config.getLoginPage(), context.getName()));
         }
 
+        if (getChangeSessionIdOnAuthentication()) {
+            Session session = request.getSessionInternal(false);
+            if (session != null) {
+                Manager manager = request.getContext().getManager();
+                manager.changeSessionId(session);
+                request.changeSessionId(session.getId());
+            }
+        }
+
         // Always use GET for the login page, regardless of the method used
         String oldMethod = request.getCoyoteRequest().method().toString();
         request.getCoyoteRequest().method().setString("GET");

 

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26