SLING-9433 - Do not log stack trace in case of cookies with no match in the token store
diff --git a/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java b/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
index b97ac15..8ff67fd 100644
--- a/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
+++ b/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
@@ -222,6 +222,10 @@
try {
SecretKey secretKey = currentTokens[tokenNumber];
+ if ( secretKey == null ) {
+ log.error("AuthNCookie value '{}' points to an unknown token number", value);
+ return false;
+ }
String hmac = encode(cookieTime, parts[2], tokenNumber,
secretKey);
return value.equals(hmac);