Don't add exception to session if allowSessionCreation is false.

2025-03-03 11:59:08 +00:00 · 2008-02-01 16:03:56 +00:00 · 2008-02-01 16:03:56 +00:00 · e42fdf29ae
commit e42fdf29ae
parent 3da2471b7f
1 changed files with 5 additions and 3 deletions
--- a/openid/src/main/java/org/springframework/security/ui/openid/OpenIdAuthenticationProcessingFilter.java
+++ b/openid/src/main/java/org/springframework/security/ui/openid/OpenIdAuthenticationProcessingFilter.java
@ -184,9 +184,11 @@ public class OpenIdAuthenticationProcessingFilter extends AbstractProcessingFilt
            logger.debug("Authentication request failed: " + failed.toString());
        }

-        try {
-            request.getSession().setAttribute(SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
-        } catch (Exception ignored) {
+        if (getAllowSessionCreation()) {
+            try {
+                request.getSession().setAttribute(SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
+            } catch (Exception ignored) {
+            }
        }

        super.getRememberMeServices().loginFail(request, response);