Hybrid OpenID/OAuth: Check for session validity during logout

GitHub-Bug: https://github.com/davido/gerrit-oauth-provider/issues/9 Change-Id: I17aaed508ef61959a3fc5634d76eb5386305f9a0
author: David Ostrovsky <david@ostrovsky.org> 2015-04-25 12:33:28 +0200
committer: David Ostrovsky <david@ostrovsky.org> 2015-04-25 12:37:47 +0200
commit: 3b6c86cb621c694f6b67075be4ce3453eae6b9a6 (patch)
tree: d5f624626304452c7cb289f6a6cf96975bc98036
parent: e0ad57751b62daa58df820ff0c11b954cd183112 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java
index 8ca71ff858..8fad0ad3c9 100644
--- a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java
+++ b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java
@@ -52,6 +52,8 @@ class OAuthOverOpenIDLogoutServlet extends HttpLogoutServlet {
   protected void doLogout(HttpServletRequest req, HttpServletResponse rsp)
       throws IOException {
     super.doLogout(req, rsp);
-    oauthSession.get().logout();
+    if (req.getSession(false) != null) {
+      oauthSession.get().logout();
+    }
   }
 }
author	David Ostrovsky <david@ostrovsky.org>	2015-04-25 12:33:28 +0200
committer	David Ostrovsky <david@ostrovsky.org>	2015-04-25 12:37:47 +0200
commit	3b6c86cb621c694f6b67075be4ce3453eae6b9a6 (patch)
tree	d5f624626304452c7cb289f6a6cf96975bc98036
parent	e0ad57751b62daa58df820ff0c11b954cd183112 (diff)