From 8a168147799387d5bd457f1ce2d22df07a657a65 Mon Sep 17 00:00:00 2001
From: Andrea Del Bene <adelbene@apache.org>
Date: Mon, 12 Sep 2016 18:04:05 +0200
Subject: [PATCH] Alternative solution

---
 .../authentication/AuthenticatedWebSession.java    | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
index f0b450c2de7..f11d718ad6b 100644
--- a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
+++ b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
@@ -63,17 +63,11 @@ public AuthenticatedWebSession(Request request)
 	 */
 	public final boolean signIn(final String username, final String password)
 	{
-		if (signedIn.compareAndSet(false, true))
+		boolean authenticated = authenticate(username, password);
+
+		if (authenticated && signedIn.compareAndSet(false, true))
 		{
-			boolean authenticated = authenticate(username, password);
-			if (authenticated)
-			{
-				bind();
-			}
-			else
-			{
-				signedIn.set(false);
-			}
+			bind();
 		}
 		return signedIn.get();
 	}