Commit 13b5c9a2 authored by Ard Schrijvers's avatar Ard Schrijvers

CMS-11442 [Backport 11.2] Make sure the fallback session does not get logged out

during a login attempt, whether successful  or not, the fallback session
is not required to be logged out. Also instead of calling #invalidateNow
during a login attempt to force a new http session, it makes more sense
to use #replaceSession which replaces the web session without destroying
all wicket components directly. An extra advantage is that we can override
replaceSession and then suppress the logging out of the fallback session

(cherry picked from commit 4d19226ceda397a03e3c893be1e9b154ad62b99f)
parent 491e2e7f
......@@ -95,8 +95,7 @@ public class LoginPanel extends Panel {
if (userSession.getAuthorizedAppCounter() == 0) {
log.debug("Invalidating user session to make sure a new session id is created");
userSession.invalidateNow();
userSession = PluginUserSession.get();
userSession.replaceSession();
} else {
final String alreadyAuthorizedUser = userSession.getUserName();
if (alreadyAuthorizedUser.equals(username) || isDevMode()) {
......@@ -104,8 +103,7 @@ public class LoginPanel extends Panel {
"should not invalidate the user session.");
} else {
log.info("Invalidating http session because attempt to login to different app with different user name");
userSession.invalidateNow();
userSession = PluginUserSession.get();
userSession.replaceSession();
}
}
......
......@@ -78,6 +78,7 @@ public class PluginUserSession extends UserSession {
private static UserCredentials fallbackCredentials;
private IModel<Session> jcrSessionModel;
private transient Session fallbackSession;
private boolean skipFallbackSessionLogout;
private final IModel<ClassLoader> classLoader;
private final IModel<WorkflowManager> workflowManager;
private transient FacetRootsObserver facetRootsObserver;
......@@ -467,9 +468,18 @@ public class PluginUserSession extends UserSession {
}
}
@Override
public void replaceSession() {
skipFallbackSessionLogout = true;
super.replaceSession();
}
@Override
public void onInvalidate() {
resetFallbackSession();
if (!skipFallbackSessionLogout) {
resetFallbackSession();
}
skipFallbackSessionLogout = false;
releaseJcrSession();
JcrObservationManager.getInstance().cleanupListeners(this);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment