Merge pull request #277 from mrjoel/mrjoel-serverNPEfix

James Moger

2015-06-30 b5c7332f5976cc19ab681ed4b82501a62c6a2f61

 src/main/java/com/gitblit/wicket/pages/SessionPage.java

@@ -96,7 +96,12 @@
               .getAttribute(Constants.AUTHENTICATION_TYPE);

         // issue 62: fix session fixation vulnerability
         session.replaceSession();
         // but only if authentication was done in the container.
         // It avoid double change of session, that some authentication method
         // don't like
         if (AuthenticationType.CONTAINER != authenticationType) {
            session.replaceSession();
         }			
         session.setUser(user);

         request.getSession().setAttribute(Constants.AUTHENTICATION_TYPE, authenticationType);