From: Arthur Schiwon <blizzz@owncloud.com>
Date: Mon, 8 Oct 2012 11:35:59 +0000 (+0200)
Subject: destroy invalid sessions
X-Git-Tag: v4.5.0RC3~13
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=3affeb5bd77715c84c70230d744de8d0f577a378;p=nextcloud-server.git

destroy invalid sessions
---

diff --git a/lib/base.php b/lib/base.php
index 41ff1870059..c898273d9e2 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -352,6 +352,10 @@ class OC{
 		OC_User::useBackend(new OC_User_Database());
 		OC_Group::useBackend(new OC_Group_Database());
 
+		if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id']) && $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) {
+			OC_User::logout();
+		}
+
 		// Load Apps
 		// This includes plugins for users and filesystems as well
 		global $RUNTIME_NOAPPS;