From 2f43c16cc12473df830761ebecc229b7e277f732 Mon Sep 17 00:00:00 2001 From: Nanne Baars <nbaars@xebia.com> Date: Fri, 28 Aug 2015 16:24:04 +0200 Subject: [PATCH] Clicking on 'LAB: Role Based Access Control' produces 'Invalid Session' in UI #44 --- .../org/owasp/webgoat/session/WebSession.java | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java index b479a3d7e..879c3af03 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java @@ -842,13 +842,17 @@ public class WebSession { } else if (al instanceof RandomLessonAdapter) { try { RandomLessonAdapter rla = (RandomLessonAdapter) al; - int stage = myParser.getIntParameter(STAGE) - 1; - String[] stages = rla.getStages(); - if (stages == null) { - stages = new String[0]; - } - if (stage >= 0 && stage < stages.length) { - rla.setStage(this, stages[stage]); + if (!myParser.getRawParameter(STAGE).equals("null")) { + int stage = myParser.getIntParameter(STAGE) - 1; + String[] stages = rla.getStages(); + if (stages == null) { + stages = new String[0]; + } + if (stage >= 0 && stage < stages.length) { + rla.setStage(this, stages[stage]); + } + } else { + rla.setStage(this, null); } } catch (ParameterNotFoundException pnfe) { }