RESTWS-905: Session should be invalidated only if its a valid session (…

…#570)
openmrs · Feb 1, 2023 · a9f174a · a9f174a
1 parent 9d39bba
commit a9f174a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.../openmrs/module/webservices/rest/web/v1_0/controller/openmrs1_9/SessionController1_9.java b/.../openmrs/module/webservices/rest/web/v1_0/controller/openmrs1_9/SessionController1_9.java
@@ -121,7 +121,7 @@ public void post(HttpServletRequest request, @RequestBody Map<String, String> bo
 	public void delete(HttpServletRequest request) {
 		Context.logout();
 		HttpSession session = request.getSession(false);
-		if (session != null) {
+		if (session != null && request.isRequestedSessionIdValid()) {
 			session.invalidate();
 		}
 	}