commit 9f032558b3e0fda72da07e5cf15f67e57d0695af
author Eike Stepper <stepper@esc-net.de> Tue Dec 08 12:48:13 2015 +0100
committer Eike Stepper <stepper@esc-net.de> Tue Dec 08 12:48:13 2015 +0100
tree 84442f3cb3ce6adba90a22677c8a0eda3342c4f7
parent ceff551adb0926d3e28b610bb32ff0527cabf0cf

Full reauthentication after server-side session expiration

org.eclipse.userstorage/src/org/eclipse/userstorage/internal/Session.java

diff --git a/org.eclipse.userstorage/src/org/eclipse/userstorage/internal/Session.java b/org.eclipse.userstorage/src/org/eclipse/userstorage/internal/Session.java
index bd37922..1dc50ff 100644
--- a/org.eclipse.userstorage/src/org/eclipse/userstorage/internal/Session.java
+++ b/org.eclipse.userstorage/src/org/eclipse/userstorage/internal/Session.java
@@ -376,6 +376,7 @@
         }
       }
 
+      boolean authenticated = false;
       for (;;)
       {
         body = null;
@@ -383,7 +384,9 @@
 
         try
         {
+          authenticated = false;
           authenticate(credentials, credentialsProvider, reauthentication);
+          authenticated = true;
 
           Request request = prepareRequest();
           HttpResponse response = sendRequest(request, uri);
@@ -404,6 +407,14 @@
             if (protocolException.getStatusCode() == AUTHORIZATION_REQUIRED && --authenticationAttempts > 0)
             {
               reauthentication = true;
+
+              if (authenticated)
+              {
+                // This means that the initial authenticate() call was skipped because we already have a session,
+                // but this session is no longer valid on the server. So reset() to force a full reauthentication.
+                reset();
+              }
+
               continue;
             }
           }