From 27af03c92d1eea2c7c8e19b1f0b3646633173642 Mon Sep 17 00:00:00 2001 From: Git'Fellow <12234510+solracsf@users.noreply.github.com> Date: Sat, 6 Jan 2024 09:03:59 +0100 Subject: fix(session): Avoid two useless authtoken DB queries for every anonymous request Co-Authored-By: Christoph Wurst Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> Signed-off-by: Christoph Wurst --- lib/private/User/Session.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index de4d1f63b9e..78b4778bd52 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -840,13 +840,16 @@ class Session implements IUserSession, Emitter { $authHeader = $request->getHeader('Authorization'); if (strpos($authHeader, 'Bearer ') === 0) { $token = substr($authHeader, 7); - } else { - // No auth header, let's try session id + } elseif ($request->getCookie($this->config->getSystemValueString('instanceid')) !== null) { + // No auth header, let's try session id, but only if this is an existing + // session and the request has a session cookie try { $token = $this->session->getId(); } catch (SessionNotAvailableException $ex) { return false; } + } else { + return false; } if (!$this->loginWithToken($token)) { -- cgit v1.2.3