COR-364 Fix conversation state registry to consider same session id r…

…euse
exoplatform · Dec 24, 2017 · 02e277a · 02e277a
1 parent ac59eeb
commit 02e277a
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/...ty.core/src/main/java/org/exoplatform/services/security/web/SetCurrentIdentityFilter.java b/...ty.core/src/main/java/org/exoplatform/services/security/web/SetCurrentIdentityFilter.java
@@ -135,6 +135,12 @@ private ConversationState getCurrentState(ExoContainer container, HttpServletReq
 
          state = conversationRegistry.getState(stateKey);
 
+         if(state != null && !userId.equals(state.getIdentity().getUserId())){
+             state = null;
+             conversationRegistry.unregister(stateKey, false);
+             LOG.debug("The current conversation state with the session ID " + httpSession.getId() + " does not belong to the user " + userId + ". The conversation state registry will be updated.");
+         }
+
          if (state == null)
          {
             if (LOG.isDebugEnabled())
@@ -189,11 +195,6 @@ private ConversationState getCurrentState(ExoContainer container, HttpServletReq
                   LOG.debug("Register Conversation state " + httpSession.getId());
                }
             }
-         } else {
-            if(! userId.equals(state.getIdentity().getUserId())){
-               state = new ConversationState(new Identity(IdentityConstants.ANONIM));
-               LOG.error("The current conversation state with the session ID " + httpSession.getId() + " does not belong to the user " + userId + ", this user should re-login again !");
-            }
          }
       }
       else