X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=acfc8f51ed310153e9f1d041402167599d91e35d;hp=d88b6983b23611eefda46801db4a6dd6202b2790;hb=6f888ca8a1bbb6aa7669c02fc640077646de2ae8;hpb=1678385c9dc9d133aa5952da5033f7a652737f3f

diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java
index d88b6983..acfc8f51 100644
--- a/src/org/cacert/gigi/pages/LoginPage.java
+++ b/src/org/cacert/gigi/pages/LoginPage.java
@@ -37,8 +37,7 @@ public class LoginPage extends Page {
 	@Override
 	public boolean beforeTemplate(HttpServletRequest req,
 			HttpServletResponse resp) throws IOException {
-		HttpSession hs = req.getSession();
-		if (hs.getAttribute("loggedin") == null) {
+		if (req.getSession().getAttribute("loggedin") == null) {
 			X509Certificate[] cert = (X509Certificate[]) req
 					.getAttribute("javax.servlet.request.X509Certificate");
 			if (cert != null && cert[0] != null) {
@@ -49,7 +48,7 @@ public class LoginPage extends Page {
 			}
 		}
 
-		if (hs.getAttribute("loggedin") != null) {
+		if (req.getSession().getAttribute("loggedin") != null) {
 			String s = (String) req.getSession().getAttribute(LOGIN_RETURNPATH);
 			if (s != null) {
 				if (!s.startsWith("/")) {
@@ -79,6 +78,7 @@ public class LoginPage extends Page {
 			ResultSet rs = ps.executeQuery();
 			if (rs.next()) {
 				if (PasswordHash.verifyHash(pw, rs.getString(1))) {
+					req.getSession().invalidate();
 					HttpSession hs = req.getSession();
 					hs.setAttribute(LOGGEDIN, true);
 					hs.setAttribute(USER, new User(rs.getInt(2)));
@@ -105,6 +105,7 @@ public class LoginPage extends Page {
 			ps.setString(1, serial);
 			ResultSet rs = ps.executeQuery();
 			if (rs.next()) {
+				req.getSession().invalidate();
 				HttpSession hs = req.getSession();
 				hs.setAttribute(LOGGEDIN, true);
 				hs.setAttribute(USER, new User(rs.getInt(1)));