From 3b6c86cb621c694f6b67075be4ce3453eae6b9a6 Mon Sep 17 00:00:00 2001
From: David Ostrovsky <david@ostrovsky.org>
Date: Sat, 25 Apr 2015 12:33:28 +0200
Subject: Hybrid OpenID/OAuth: Check for session validity during logout

GitHub-Bug: https://github.com/davido/gerrit-oauth-provider/issues/9
Change-Id: I17aaed508ef61959a3fc5634d76eb5386305f9a0
---
 .../google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java
index 8ca71ff858..8fad0ad3c9 100644
--- a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java
+++ b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java
@@ -52,6 +52,8 @@ class OAuthOverOpenIDLogoutServlet extends HttpLogoutServlet {
   protected void doLogout(HttpServletRequest req, HttpServletResponse rsp)
       throws IOException {
     super.doLogout(req, rsp);
-    oauthSession.get().logout();
+    if (req.getSession(false) != null) {
+      oauthSession.get().logout();
+    }
   }
 }
-- 
cgit v1.2.3