Merge "OAuth: Check for session validity during logout" into stable-2.10

2015-05-06 13:00:20 +00:00
parent a82964fb7a 8573bed76a
commit bad310ec3f
1 changed files with 3 additions and 1 deletions
--- a/gerrit-oauth/src/main/java/com/google/gerrit/httpd/auth/oauth/OAuthLogoutServlet.java
+++ b/gerrit-oauth/src/main/java/com/google/gerrit/httpd/auth/oauth/OAuthLogoutServlet.java
@@ -52,6 +52,8 @@ class OAuthLogoutServlet extends HttpLogoutServlet {
  protected void doLogout(HttpServletRequest req, HttpServletResponse rsp)
      throws IOException {
    super.doLogout(req, rsp);
-    oauthSession.get().logout();
+    if (req.getSession(false) != null) {
      oauthSession.get().logout();
    }
  }
 }