This is an automated email from the ASF dual-hosted git repository.
solomax pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openmeetings.git
The following commit(s) were added to refs/heads/master by this push:
new 86303ba [OPENMEETINGS-1867] changeSessionId is used
86303ba is described below
commit 86303ba3a8eaa697eed2cb828f47c0a0ba31ea5f
Author: Maxim Solodovnik <[email protected]>
AuthorDate: Mon Nov 5 21:15:37 2018 +0700
[OPENMEETINGS-1867] changeSessionId is used
---
.../apache/openmeetings/web/app/WebSession.java | 27 +---------------------
1 file changed, 1 insertion(+), 26 deletions(-)
diff --git
a/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java
b/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java
index 0e8cc34..6282921 100644
---
a/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java
+++
b/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java
@@ -76,7 +76,6 @@ import org.apache.openmeetings.web.util.UserDashboard;
import org.apache.wicket.authentication.IAuthenticationStrategy;
import
org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
-import org.apache.wicket.core.request.ClientInfo;
import org.apache.wicket.injection.Injector;
import org.apache.wicket.request.Request;
import org.apache.wicket.spring.injection.annot.SpringBean;
@@ -273,31 +272,7 @@ public class WebSession extends
AbstractAuthenticatedWebSession implements IWebS
}
private void setUser(User u, Set<Right> rights) {
- Long _recordingId = recordingId;
- Long _roomId = roomId;
- Invitation _i = i;
- SOAPLogin _soap = soap;
- ClientInfo _info = clientInfo;
- ExtendedClientProperties _extProps = extProps;
- replaceSession(); // required to prevent session fixation
- if (_recordingId != null) {
- recordingId = _recordingId;
- }
- if (_roomId != null) {
- roomId = _roomId;
- }
- if (_i != null) {
- i = _i;
- }
- if (_soap != null) {
- soap = _soap;
- }
- if (_info != null) {
- clientInfo = _info;
- }
- if (_extProps != null) {
- extProps = _extProps;
- }
+ changeSessionId(); // required to prevent session fixation
userId = u.getId();
if (rights == null || rights.isEmpty()) {
Set<Right> r = new HashSet<>(u.getRights());
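Review bot: The `changeSessionId()` call at the top of `setUser` rotates the session identifier, but unlike the removed `replaceSession()` path it presumably keeps the whole pre-login session rather than only the six fields that were copied by hand (`recordingId`, `roomId`, `i`, `soap`, `clientInfo`, `extProps`). Any other state written to the session before authentication now survives into the authenticated session, so it is worth confirming that nothing set pre-login is trusted afterwards without being overwritten here. It would also help to confirm that the identifier really changes when the session is not yet bound at login time, since that case is not visible from this hunk. I would widen the comment to record the difference, e.g. `// rotate the id on login to prevent session fixation; pre-login session state is kept, unlike replaceSession()`. The body of `setUser` continues past the end of the hunk, so the later assignments cannot be checked from here.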