From 8b6653a82eceb8621c78b716911540564dadd4b7 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 23 Sep 2013 10:02:07 -0400
Subject: [PATCH] Return cloned usermodel on cookie authentication

---
 src/main/java/com/gitblit/ConfigUserService.java |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/ConfigUserService.java b/src/main/java/com/gitblit/ConfigUserService.java
index 8a6c92f..0d828ae 100644
--- a/src/main/java/com/gitblit/ConfigUserService.java
+++ b/src/main/java/com/gitblit/ConfigUserService.java
@@ -208,6 +208,12 @@
 		if (cookies.containsKey(hash)) {
 			model = cookies.get(hash);
 		}
+		
+		if (model != null) {
+			// clone the model, otherwise all changes to this object are
+			// live and unpersisted
+			model = DeepCopier.copy(model);
+		}
 		return model;
 	}
 

--
Gitblit v1.9.1