From 84949ebcb6a7bb5b4d74ee759c754636db52dc6d Mon Sep 17 00:00:00 2001
From: Andreas Fink <af@andreasfink.com>
Date: Mon, 7 Nov 2016 11:26:19 +0100
Subject: [PATCH] Bugfix session handling #6

---
 AuthRemoteuser.body.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/AuthRemoteuser.body.php b/AuthRemoteuser.body.php
index 2941ad6..75d61c6 100644
--- a/AuthRemoteuser.body.php
+++ b/AuthRemoteuser.body.php
@@ -59,7 +59,8 @@ class AuthRemoteuser extends MediaWiki\Session\ImmutableSessionProviderWithCooki
     {
         // Have a session ID?
         $id = $this->getSessionIdFromCookie($request);
-        if (null === $id) {
+        // #6 assign a new sessionid if the id is null or if the session is no longer valid
+        if ((null === $id)||(!MediaWiki\Session\SessionManager::singleton()->getSessionById($id))) {
             $username = $this->getRemoteUsername();
             $sessionInfo = $this->newSessionForRequest($username, $request);
 
-- 
GitLab