From 0140402ad4fd0186b8116cbc3ffba0c167cfdf5a Mon Sep 17 00:00:00 2001
From: Athou <jeremiepanzer@gmail.com>
Date: Tue, 19 Aug 2014 07:34:07 +0200
Subject: [PATCH] don't create a session if it does not exists

---
 .../com/commafeed/backend/service/UserService.java     | 10 ++++++----
 .../commafeed/frontend/auth/SecurityCheckProvider.java |  2 +-
 .../commafeed/frontend/servlet/CustomCssServlet.java   |  2 +-
 .../commafeed/frontend/servlet/NextUnreadServlet.java  |  2 +-
 4 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/main/java/com/commafeed/backend/service/UserService.java b/src/main/java/com/commafeed/backend/service/UserService.java
index 90cda9b2..c4bffa55 100644
--- a/src/main/java/com/commafeed/backend/service/UserService.java
+++ b/src/main/java/com/commafeed/backend/service/UserService.java
@@ -75,10 +75,12 @@ public class UserService {
 	 * try to log in by checking if the user has an active session
 	 */
 	public Optional<User> login(HttpSession session) {
-		User user = (User) session.getAttribute(SESSION_KEY_USER);
-		if (user != null) {
-			afterLogin(user);
-			return Optional.of(user);
+		if (session != null) {
+			User user = (User) session.getAttribute(SESSION_KEY_USER);
+			if (user != null) {
+				afterLogin(user);
+				return Optional.of(user);
+			}
 		}
 		return Optional.absent();
 	}
diff --git a/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java b/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java
index 61484c61..3c9c055e 100644
--- a/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java
+++ b/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java
@@ -67,7 +67,7 @@ public class SecurityCheckProvider implements InjectableProvider<SecurityCheck,
 		}
 
 		private Optional<User> cookieSessionLogin() {
-			return userService.login(request.getSession());
+			return userService.login(request.getSession(false));
 		}
 
 		private Optional<User> basicAuthenticationLogin(HttpContext c) {
diff --git a/src/main/java/com/commafeed/frontend/servlet/CustomCssServlet.java b/src/main/java/com/commafeed/frontend/servlet/CustomCssServlet.java
index fab87004..f65e17cc 100644
--- a/src/main/java/com/commafeed/frontend/servlet/CustomCssServlet.java
+++ b/src/main/java/com/commafeed/frontend/servlet/CustomCssServlet.java
@@ -36,7 +36,7 @@ public class CustomCssServlet extends HttpServlet {
 		final Optional<User> user = new UnitOfWork<Optional<User>>(sessionFactory) {
 			@Override
 			protected Optional<User> runInSession() throws Exception {
-				return userService.login(req.getSession());
+				return userService.login(req.getSession(false));
 			}
 		}.run();
 		if (!user.isPresent()) {
diff --git a/src/main/java/com/commafeed/frontend/servlet/NextUnreadServlet.java b/src/main/java/com/commafeed/frontend/servlet/NextUnreadServlet.java
index 08704826..affebcce 100644
--- a/src/main/java/com/commafeed/frontend/servlet/NextUnreadServlet.java
+++ b/src/main/java/com/commafeed/frontend/servlet/NextUnreadServlet.java
@@ -53,7 +53,7 @@ public class NextUnreadServlet extends HttpServlet {
 		final Optional<User> user = new UnitOfWork<Optional<User>>(sessionFactory) {
 			@Override
 			protected Optional<User> runInSession() throws Exception {
-				return userService.login(req.getSession());
+				return userService.login(req.getSession(false));
 			}
 		}.run();
 		if (!user.isPresent()) {