Parent Directory
|
Revision Log
|
Patch
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java 2012/12/06 13:58:22 1417890
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java 2012/12/06 13:58:59 1417891
@@ -31,6 +31,7 @@ import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Globals;
+import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
@@ -322,6 +323,15 @@ public class FormAuthenticator
config.getLoginPage(), context.getName()));
}
+ if (getChangeSessionIdOnAuthentication()) {
+ Session session = request.getSessionInternal(false);
+ if (session != null) {
+ Manager manager = request.getContext().getManager();
+ manager.changeSessionId(session);
+ request.changeSessionId(session.getId());
+ }
+ }
+
// Always use GET for the login page, regardless of the method used
String oldMethod = request.getCoyoteRequest().method().toString();
request.getCoyoteRequest().method().setString("GET");
| infrastructure at apache.org | ViewVC Help |
| Powered by ViewVC 1.1.26 |