From e42fdf29ae6939ce32a869c37a27fffad4c3a5af Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Fri, 1 Feb 2008 16:03:56 +0000
Subject: [PATCH] Don't add exception to session if allowSessionCreation is
 false.

---
 .../ui/openid/OpenIdAuthenticationProcessingFilter.java   | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/openid/src/main/java/org/springframework/security/ui/openid/OpenIdAuthenticationProcessingFilter.java b/openid/src/main/java/org/springframework/security/ui/openid/OpenIdAuthenticationProcessingFilter.java
index 549bcc2f7f..a73c6c23ed 100644
--- a/openid/src/main/java/org/springframework/security/ui/openid/OpenIdAuthenticationProcessingFilter.java
+++ b/openid/src/main/java/org/springframework/security/ui/openid/OpenIdAuthenticationProcessingFilter.java
@@ -184,9 +184,11 @@ public class OpenIdAuthenticationProcessingFilter extends AbstractProcessingFilt
             logger.debug("Authentication request failed: " + failed.toString());
         }
 
-        try {
-            request.getSession().setAttribute(SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
-        } catch (Exception ignored) {
+        if (getAllowSessionCreation()) {
+            try {
+                request.getSession().setAttribute(SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
+            } catch (Exception ignored) {
+            }
         }
 
         super.getRememberMeServices().loginFail(request, response);