Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-29 07:12:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-1462: Added suggested patch (effectively the same as changes in 3.0.x and master branches).

Browse Source
This commit is contained in:
Luke Taylor 2010-04-20 18:16:45 +01:00
parent 6ad652ae97
commit 0acf262546
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/src/main/java/org/springframework/security/ui/SessionFixationProtectionFilter.java
View File

@ -48,7 +48,7 @@ public class SessionFixationProtectionFilter extends SpringSecurityFilter {
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
// Session fixation isn't a problem if there's no session // Session fixation isn't a problem if there's no session
if(request.getSession(false) == null || request.getAttribute(FILTER_APPLIED) != null) { if(request.getSession(false) == null || request.getAttribute(FILTER_APPLIED) != null || !request.isRequestedSessionIdValid()) {
chain.doFilter(request, response); chain.doFilter(request, response);
return; return;
} }