summaryrefslogtreecommitdiffstats
path: root/lib/private/User/Session.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/User/Session.php')
-rw-r--r--lib/private/User/Session.php7
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index de4d1f63b9e..78b4778bd52 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -840,13 +840,16 @@ class Session implements IUserSession, Emitter {
$authHeader = $request->getHeader('Authorization');
if (strpos($authHeader, 'Bearer ') === 0) {
$token = substr($authHeader, 7);
- } else {
- // No auth header, let's try session id
+ } elseif ($request->getCookie($this->config->getSystemValueString('instanceid')) !== null) {
+ // No auth header, let's try session id, but only if this is an existing
+ // session and the request has a session cookie
try {
$token = $this->session->getId();
} catch (SessionNotAvailableException $ex) {
return false;
}
+ } else {
+ return false;
}
if (!$this->loginWithToken($token)) {
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-05 14:52:09 +0000