Skip to main content
aboutsummaryrefslogtreecommitdiffstats
path: root/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
diff options
context:
space:
mode:
Diffstat (limited to 'jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java')
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java19
1 files changed, 11 insertions, 8 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
index aefd171814..e5d033ae0f 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
@@ -74,17 +74,20 @@ public abstract class LoginAuthenticator implements Authenticator
{
HttpSession httpSession = request.getSession(false);
- synchronized (httpSession)
+ if (_renewSession && httpSession!=null)
{
- //if we should renew sessions, and there is an existing session that may have been seen by non-authenticated users
- //(indicated by SESSION_SECURED not being set on the session) then we should change id
- if (_renewSession && httpSession!=null && httpSession.getAttribute(AbstractSessionManager.SESSION_KNOWN_ONLY_TO_AUTHENTICATED)!=Boolean.TRUE)
+ synchronized (httpSession)
{
- HttpSession newSession = AbstractSessionManager.renewSession(request, httpSession,true);
- LOG.debug("renew {}->{}",httpSession.getId(),newSession.getId());
- httpSession=newSession;
+ //if we should renew sessions, and there is an existing session that may have been seen by non-authenticated users
+ //(indicated by SESSION_SECURED not being set on the session) then we should change id
+ if (httpSession.getAttribute(AbstractSessionManager.SESSION_KNOWN_ONLY_TO_AUTHENTICATED)!=Boolean.TRUE)
+ {
+ HttpSession newSession = AbstractSessionManager.renewSession(request, httpSession,true);
+ LOG.debug("renew {}->{}",httpSession.getId(),newSession.getId());
+ httpSession=newSession;
+ }
}
- return httpSession;
}
+ return httpSession;
}
}

Back to the top