authorArthur Schiwon <blizzz@arthur-schiwon.de>2024-01-17 20:45:41 +0100
committerGitHub <noreply@github.com>2024-01-17 20:45:41 +0100
commit448dc1530f944e93516623a09a7229251fcd713f (patch)
tree40eaca5aa22ef0718cd46fb170f3ae156ce6813b /lib
parent11ed33a4e0615c4cee5e36c516b4001a64e7c5b4 (diff)
parent27af03c92d1eea2c7c8e19b1f0b3646633173642 (diff)
Merge pull request #42870 from nextcloud/backport/42607/stable27
[stable27] fix(session): Avoid useless authtoken DB queries for anonymous requests
Diffstat (limited to 'lib')
-rw-r--r--lib/private/User/Session.php7
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index de4d1f63b9e..78b4778bd52 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -840,13 +840,16 @@ class Session implements IUserSession, Emitter {
$authHeader = $request->getHeader('Authorization');
if (strpos($authHeader, 'Bearer ') === 0) {
$token = substr($authHeader, 7);
- } else {
- // No auth header, let's try session id
+ } elseif ($request->getCookie($this->config->getSystemValueString('instanceid')) !== null) {
+ // No auth header, let's try session id, but only if this is an existing
+ // session and the request has a session cookie
try {
$token = $this->session->getId();
} catch (SessionNotAvailableException $ex) {
return false;
}
+ } else {
+ return false;
}
if (!$this->loginWithToken($token)) {
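Review bot: The new `elseif` condition tests only that a cookie named after `instanceid` is present; the cookie value is client-supplied and is not compared with anything in this hunk. The check is therefore a cheap filter that skips the token lookup for cookie-less requests, not an authentication step, and the comment should say so to stop later edits treating it as a trust decision: `// Cookie presence only filters out anonymous requests; its value is untrusted and the token is still validated by loginWithToken()`. The condition also assumes the session cookie is always named after `instanceid`, which this hunk does not show. If `getSystemValueString('instanceid')` can return an empty string (not visible here), every request without a Bearer header would fall through to the new `return false`, so confirming that case or adding a test for it would help. The enclosing method starts and ends outside the hunk.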