Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/05/10 15:34:21 UTC
[tomcat] 02/03: Allow sub-class to decide if session being null is an issue or not
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit cc36dd4bb334a86d5624892236e16adab0307900
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue May 10 16:14:51 2022 +0100
Allow sub-class to decide if session being null is an issue or not
---
java/org/apache/catalina/filters/CsrfPreventionFilter.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
index fce6a99d96..26c0fe3a5c 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -120,7 +120,7 @@ public class CsrfPreventionFilter extends CsrfPreventionFilterBase {
HttpSession session = req.getSession(false);
- NonceCache<String> nonceCache = (session == null) ? null : getNonceCache(req, session);
+ NonceCache<String> nonceCache = getNonceCache(req, session);
if (!skipNonceCheck(req)) {
String previousNonce = req.getParameter(nonceRequestParameterName);
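Review bot: The null-session guard removed from this call site was the only thing shielding overrides of `getNonceCache`, so a subclass override written against the old contract that dereferences `session` will now throw a NullPointerException on any request that arrives without a session. The base implementation gets its own guard later in this commit, but third-party overrides do not, so the behaviour change deserves a changelog entry and a comment at the call, e.g. `// session may be null; getNonceCache() decides whether that is acceptable`. The enclosing method starts and ends outside the hunk, so whether the code after `skipNonceCheck` tolerates a null `nonceCache` cannot be confirmed here, although a null cache was already possible before this change.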
@@ -265,6 +265,9 @@ public class CsrfPreventionFilter extends CsrfPreventionFilterBase {
* and/or session
*/
protected NonceCache<String> getNonceCache(HttpServletRequest request, HttpSession session) {
+ if (session == null) {
+ return null;
+ }
@SuppressWarnings("unchecked")
NonceCache<String> nonceCache =
(NonceCache<String>) session.getAttribute(Constants.CSRF_NONCE_SESSION_ATTR_NAME);
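Review bot: The Javadoc above `getNonceCache` should spell out the new contract, because overriders are now responsible for the no-session case themselves. Only its last two lines are visible in the hunk, so it may already cover this. If it does not, I would add `@param session The session associated with the request, or {@code null} if there is none` and extend `@return` to say that `{@code null}` is returned when no nonce cache is available. The method body continues past the end of the hunk.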