Parent Directory
|
Revision Log
|
Patch
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java 2012/11/11 16:25:18 1408043
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java 2012/11/11 16:42:02 1408044
@@ -31,6 +31,7 @@ import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
@@ -404,6 +405,15 @@ public class FormAuthenticator
return;
}
+ if (getChangeSessionIdOnAuthentication()) {
+ Session session = request.getSessionInternal(false);
+ if (session != null) {
+ Manager manager = request.getContext().getManager();
+ manager.changeSessionId(session);
+ request.changeSessionId(session.getId());
+ }
+ }
+
// Always use GET for the login page, regardless of the method used
String oldMethod = request.getMethod();
request.getCoyoteRequest().method().setString("GET");
| infrastructure at apache.org | ViewVC Help |
| Powered by ViewVC 1.1.26 |