Create web.rewriteSession key for use with tomcat and CAS

Fabrice Bacchella

2015-05-23 14d630b8682c425880511a2c5ddf520198f55205

Create web.rewriteSession key for use with tomcat  and CAS

 src/main/java/com/gitblit/wicket/pages/SessionPage.java

@@ -96,7 +96,12 @@
                    .getAttribute(Constants.AUTHENTICATION_TYPE);

            // issue 62: fix session fixation vulnerability
            // but only if authentication was done in the container.
            // It avoid double change of session, that some authentication method
            // don't like
            if (AuthenticationType.CONTAINER != authenticationType) {
            session.replaceSession();
            }			
            session.setUser(user);

            request.getSession().setAttribute(Constants.AUTHENTICATION_TYPE, authenticationType);