svn commit: r980097 - /sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java

Wed, 28 Jul 2010 08:34:00 -0700 

Author: ieb
Date: Wed Jul 28 15:32:37 2010
New Revision: 980097

URL: http://svn.apache.org/viewvc?rev=980097&view=rev
Log:
SLING-1588 Fixed, cookie needs to be removed when found to be invalid.

Modified:
    
sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java

Modified: 
sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java?rev=980097&r1=980096&r2=980097&view=diff
==============================================================================
--- 
sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java
 (original)
+++ 
sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java
 Wed Jul 28 15:32:37 2010
@@ -308,6 +308,9 @@ public class FormAuthenticationHandler e
                     // signal the requestCredentials method a previous login 
failure
                     request.setAttribute(PAR_J_REASON, FormReason.TIMEOUT);
                     info = AuthenticationInfo.FAIL_AUTH;
+                    // clear the cookie, its invalid and we should get rid of 
it so that the invalid cookie
+                    // isn't present on the authN operation.
+                    authStorage.clear(request, response);
                 }
             }
         }

Reply via email to