dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix various session issues and cleanup

Browse Source 
main change is to force spring security to always send user to welcome.mvc after login which gets their session setup properly before redirecting to start.mvc
This commit is contained in:
lawson89
2014-08-21 09:05:12 -04:00
parent 9bdedd0eff
commit 2d7679cdda
6 changed files with 62 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/org/owasp/webgoat/service/BaseService.java
View File

@ -67,8 +67,11 @@ public abstract class BaseService {
public WebSession getWebSession(HttpSession session) {
WebSession ws;
Object o = session.getAttribute(WebSession.SESSION);
if (o == null || !(o instanceof WebSession)) {
throw new IllegalArgumentException("No valid session object found, has session timed out? [" + session.getId() + "]");
if (o == null) {
throw new IllegalArgumentException("No valid WebSession object found, has session timed out? [" + session.getId() + "]");
}
if (!(o instanceof WebSession)) {
throw new IllegalArgumentException("Invalid WebSession object found, this is probably a bug! [" + o.getClass() + " | " + session.getId() + "]");
}
ws = (WebSession) o;
return ws;