diff --git a/AuthRemoteuser.body.php b/AuthRemoteuser.body.php index 2941ad6bee90a43ffe688026273a9403204f8fda..75d61c63dd916cfa610a0081c1bfeb15b2036b52 100644 --- a/AuthRemoteuser.body.php +++ b/AuthRemoteuser.body.php @@ -59,7 +59,8 @@ class AuthRemoteuser extends MediaWiki\Session\ImmutableSessionProviderWithCooki { // Have a session ID? $id = $this->getSessionIdFromCookie($request); - if (null === $id) { + // #6 assign a new sessionid if the id is null or if the session is no longer valid + if ((null === $id)||(!MediaWiki\Session\SessionManager::singleton()->getSessionById($id))) { $username = $this->getRemoteUsername(); $sessionInfo = $this->newSessionForRequest($username, $request);