From 320d3428999927439dfb0a455fb59aba0c41aa91 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Wed, 25 Apr 2018 00:45:50 -0700 Subject: [PATCH] GUACAMOLE-549: Do not automatically create HttpSession. If an extension truly needs an HttpSession, it should create it manually via the HttpServletRequest. --- .../java/org/apache/guacamole/rest/auth/TokenRESTService.java | 2 +- .../main/java/org/apache/guacamole/rest/user/UserResource.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java b/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java index cea0315e9..e8c1c7729 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java @@ -121,7 +121,7 @@ public class TokenRESTService { credentials.setUsername(username); credentials.setPassword(password); credentials.setRequest(request); - credentials.setSession(request.getSession(true)); + credentials.setSession(request.getSession(false)); credentials.setRemoteAddress(request.getRemoteAddr()); credentials.setRemoteHostname(request.getRemoteHost()); diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java index 72c916219..4e7ab928a 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java @@ -158,7 +158,7 @@ public class UserResource credentials.setUsername(user.getIdentifier()); credentials.setPassword(userPasswordUpdate.getOldPassword()); credentials.setRequest(request); - credentials.setSession(request.getSession(true)); + credentials.setSession(request.getSession(false)); credentials.setRemoteAddress(request.getRemoteAddr()); credentials.setRemoteHostname(request.getRemoteHost());