From e84a90943ab1e4a254b2d33c7cabef18b718b456 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Wed, 20 Mar 2019 17:52:31 +0100
Subject: Session fix when form + HTTP auth are used (#2286)

https://github.com/Alkarex/FreshRSS/commit/bf51c82d55f6bf1af2a6464ca4f148d6c613d28f
https://github.com/FreshRSS/FreshRSS/issues/2125#issuecomment-473873922
---
 app/Models/Auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/Models/Auth.php')

diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index 513a9cb2f..16a506f00 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -13,7 +13,7 @@ class FreshRSS_Auth {
 	 * This method initializes authentication system.
 	 */
 	public static function init() {
-		if (Minz_Session::param('REMOTE_USER', '') !== httpAuthUser()) {
+		if (isset($_SESSION['REMOTE_USER']) && $_SESSION['REMOTE_USER'] !== httpAuthUser()) {
 			//HTTP REMOTE_USER has changed
 			self::removeAccess();
 		}
-- 
cgit v1.2.3