Halaman utama Jelajahi Bantuan
Daftar Masuk
github
/
spring-security
cermin dari https://github.com/spring-projects/spring-security
2
0
Fork 0
Berkas Masalah 0 Wiki
Jelajahi Sumber

SEC-1462: Added suggested patch (effectively the same as changes in 3.0.x and master branches).

Luke Taylor 15 tahun lalu
induk
6ad652ae97
melakukan
0acf262546
1 mengubah file dengan 1 tambahan dan 1 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 1 1
      core/src/main/java/org/springframework/security/ui/SessionFixationProtectionFilter.java

+ 1 - 1
core/src/main/java/org/springframework/security/ui/SessionFixationProtectionFilter.java
Tampilan Berkas 

@@ -48,7 +48,7 @@ public class SessionFixationProtectionFilter extends SpringSecurityFilter {
 
     protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
 
             throws IOException, ServletException {
 
         // Session fixation isn't a problem if there's no session
 
-        if(request.getSession(false) == null || request.getAttribute(FILTER_APPLIED) != null) {
 
+        if(request.getSession(false) == null || request.getAttribute(FILTER_APPLIED) != null || !request.isRequestedSessionIdValid()) {
 
             chain.doFilter(request, response);
 
             return;
 
         }