Merge "Hybrid OpenID/OAuth: Check for session validity during logout" into stable-2.10

author: Saša Živkov <zivkov@gmail.com> 2015-04-27 13:49:37 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2015-04-27 13:49:40 +0000
commit: e6782847f87166c650ad0ec172c6e64b5be3c432 (patch)
tree: 63d39276408f33dfa914e5cd444ac5c63bf64c24
parent: 18c4ccd2c335691eff1202a4facd5dde3adcf05f (diff)
parent: 3b6c86cb621c694f6b67075be4ce3453eae6b9a6 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java
index 8ca71ff858..8fad0ad3c9 100644
--- a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java
+++ b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java
@@ -52,6 +52,8 @@ class OAuthOverOpenIDLogoutServlet extends HttpLogoutServlet {
   protected void doLogout(HttpServletRequest req, HttpServletResponse rsp)
       throws IOException {
     super.doLogout(req, rsp);
-    oauthSession.get().logout();
+    if (req.getSession(false) != null) {
+      oauthSession.get().logout();
+    }
   }
 }
author	Saša Živkov <zivkov@gmail.com>	2015-04-27 13:49:37 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2015-04-27 13:49:40 +0000
commit	e6782847f87166c650ad0ec172c6e64b5be3c432 (patch)
tree	63d39276408f33dfa914e5cd444ac5c63bf64c24
parent	18c4ccd2c335691eff1202a4facd5dde3adcf05f (diff)
parent	3b6c86cb621c694f6b67075be4ce3453eae6b9a6 (diff)