Auth: Prevent and log duplicate session_start

ILIAS-eLearning · Feb 13, 2025 · fe14110 · fe14110
1 parent 7cdbf5f
commit fe14110
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/Services/Authentication/classes/class.ilAuthSession.php b/Services/Authentication/classes/class.ilAuthSession.php
@@ -67,6 +67,12 @@ protected function getLogger(): ilLogger
      */
     public function init(): bool
     {
+        if (session_status() === PHP_SESSION_ACTIVE) {
+            $this->getLogger()->error(__METHOD__ . ' called with active session.');
+            $this->getLogger()->logStack(ilLogLevel::ERROR);
+            return false;
+        }
+
         session_start();
 
         $this->setId(session_id());