SLING-9433 - Do not log stack trace in case of cookies with no match in the token store
diff --git a/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java b/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
index b97ac15..8ff67fd 100644
--- a/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
+++ b/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
@@ -222,6 +222,10 @@
 
                     try {
                         SecretKey secretKey = currentTokens[tokenNumber];
+                        if ( secretKey == null ) {
+                            log.error("AuthNCookie value '{}' points to an unknown token number", value);
+                            return false;
+                        }
                         String hmac = encode(cookieTime, parts[2], tokenNumber,
                             secretKey);
                         return value.equals(hmac);