We use cookies to ensure you get the best experience on our website
Página inicial Explorar Ajuda
Registrar Entrar
0ct0pu5
/
pwm
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Ver código fonte

further restrict sessionIdRecycling to non-client api requests.

Jason Rivard 4 anos atrás
pai
496bb646ea
commit
c7def1329b
1 arquivos alterados com 3 adições e 1 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 3 1
      server/src/main/java/password/pwm/http/filter/RequestInitializationFilter.java

+ 3 - 1
server/src/main/java/password/pwm/http/filter/RequestInitializationFilter.java
Ver arquivo 

@@ -302,7 +302,9 @@ public class RequestInitializationFilter implements Filter
 
     private void checkIfSessionRecycleNeeded( final PwmRequest pwmRequest )
 
     {
 
         if ( pwmRequest.getPwmSession().getSessionStateBean().isSessionIdRecycleNeeded()
 
-                && !pwmRequest.getURL().isResourceURL() )
 
+                && !pwmRequest.getURL().isResourceURL()
 
+                && !pwmRequest.getURL().isClientApiServlet()
 
+        )
 
         {
 
             if ( pwmRequest.getConfig().readBooleanAppProperty( AppProperty.HTTP_SESSION_RECYCLE_AT_AUTH ) )
 
             {

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5