Fix session resume for external auths
When REMOTE_USER is not available from _SERVER (PHP internal webserver) fixes #11277
This commit is contained in:
parent
609b2da565
commit
929f45deea
|
@ -244,7 +244,8 @@ class Auth
|
||||||
$this->user = Session::getSession()->get('user');
|
$this->user = Session::getSession()->get('user');
|
||||||
if ($this->user !== null && $this->user->isExternalUser() === true) {
|
if ($this->user !== null && $this->user->isExternalUser() === true) {
|
||||||
list($originUsername, $field) = $this->user->getExternalUserInformation();
|
list($originUsername, $field) = $this->user->getExternalUserInformation();
|
||||||
if (! array_key_exists($field, $_SERVER) || $_SERVER[$field] !== $originUsername) {
|
$username = getenv($field); // usually REMOTE_USER here
|
||||||
|
if ( !$username || $username !== $originUsername) {
|
||||||
$this->removeAuthorization();
|
$this->removeAuthorization();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue