X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FRemoteSessionLoginModule.java;h=6bf3fc985a8d1040edfbab0692a4a4e8cd991dae;hb=c2eb0b8ebd1c9df4923f5fb2298a4ae04237f65d;hp=d801b5e57978aed234b519c0a657e9d2861fd240;hpb=b1a235695e876269172d9db401eb0a25af938a30;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java
index d801b5e57..6bf3fc985 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java
@@ -77,21 +77,23 @@ public class RemoteSessionLoginModule implements LoginModule {
 			authorization = (Authorization) request.getAttribute(RemoteAuthRequest.AUTHORIZATION);
 			if (authorization == null) {// search by session ID
 				RemoteAuthSession httpSession = request.getSession();
-				if (httpSession == null) {
-					// TODO make sure this is always safe
-					if (log.isTraceEnabled())
-						log.trace("Create http session");
-					httpSession = request.createSession();
-				}
-				String httpSessionId = httpSession.getId();
+//				if (httpSession == null) {
+//					// TODO make sure this is always safe
+//					if (log.isTraceEnabled())
+//						log.trace("Create http session");
+//					httpSession = request.createSession();
+//				}
+				if (httpSession != null) {
+					String httpSessionId = httpSession.getId();
 //				if (log.isTraceEnabled())
 //					log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId);
-				CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessionId);
-				if (cmsSession != null && !cmsSession.isAnonymous()) {
-					authorization = cmsSession.getAuthorization();
-					locale = cmsSession.getLocale();
-					if (log.isTraceEnabled())
-						log.trace("Retrieved authorization from " + cmsSession);
+					CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessionId);
+					if (cmsSession != null && !cmsSession.isAnonymous()) {
+						authorization = cmsSession.getAuthorization();
+						locale = cmsSession.getLocale();
+						if (log.isTraceEnabled())
+							log.trace("Retrieved authorization from " + cmsSession);
+					}
 				}
 			}
 			sharedState.put(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST, request);