destroy invalid sessions

author Arthur Schiwon <blizzz@owncloud.com>

Mon, 8 Oct 2012 11:35:59 +0000 (13:35 +0200)

committer Arthur Schiwon <blizzz@owncloud.com>

Mon, 8 Oct 2012 11:36:11 +0000 (13:36 +0200)
author Arthur Schiwon <blizzz@owncloud.com>
Mon, 8 Oct 2012 11:35:59 +0000 (13:35 +0200)
committer Arthur Schiwon <blizzz@owncloud.com>
Mon, 8 Oct 2012 11:36:11 +0000 (13:36 +0200)
diff --git a/lib/base.php b/lib/base.php

index 41ff1870059a297f6fa74bb2460f40a48fc6a5c6..c898273d9e24c065a56a25916e37aec45b50a0d7 100644 (file)
--- a/lib/base.php
+++ b/lib/base.php
@@ -352,6 +352,10 @@ class OC{
                 OC_User::useBackend(new OC_User_Database());
                 OC_Group::useBackend(new OC_Group_Database());
  
+               if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id']) && $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) {
+                       OC_User::logout();
+               }
+
                 // Load Apps
                 // This includes plugins for users and filesystems as well
                 global $RUNTIME_NOAPPS;
author	Arthur Schiwon <blizzz@owncloud.com>
	Mon, 8 Oct 2012 11:35:59 +0000 (13:35 +0200)
committer	Arthur Schiwon <blizzz@owncloud.com>
	Mon, 8 Oct 2012 11:36:11 +0000 (13:36 +0200)