From bdcb8d6d8c858e71f21a274654a41d6d5ab799fc Mon Sep 17 00:00:00 2001
From: Anthony O. <netangel+github@gmail.com>
Date: Fri, 08 Aug 2014 04:47:05 -0400
Subject: [PATCH] Update setup_authentication.mkd

---
 src/main/java/com/gitblit/wicket/pages/SessionPage.java |   12 +++++++++++-
 1 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/SessionPage.java b/src/main/java/com/gitblit/wicket/pages/SessionPage.java
index 22ae6e2..7a58175 100644
--- a/src/main/java/com/gitblit/wicket/pages/SessionPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/SessionPage.java
@@ -56,8 +56,18 @@
 			// any changes to permissions or roles (issue-186)
 			UserModel user = app().users().getUserModel(session.getUser().username);
 
+			if (user == null || user.disabled) {
+				// user was deleted/disabled during session
+				HttpServletResponse response = ((WebResponse) getRequestCycle().getResponse())
+						.getHttpServletResponse();
+				app().authentication().logout(response, user);
+				session.setUser(null);
+				session.invalidateNow();
+				return;
+			}
+
 			// validate cookie during session (issue-361)
-			if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, true)) {
+			if (user != null && app().settings().getBoolean(Keys.web.allowCookieAuthentication, true)) {
 				HttpServletRequest request = ((WebRequest) getRequestCycle().getRequest())
 						.getHttpServletRequest();
 				String requestCookie = app().authentication().getCookie(request);

--
Gitblit v1.9.1