From fe14110991c582abee709f3247d92cf660c43e16 Mon Sep 17 00:00:00 2001
From: mjansen <mjansen@databay.de>
Date: Tue, 28 Jan 2025 12:01:53 +0100
Subject: [PATCH] Auth: Prevent and log duplicate `session_start`

---
 Services/Authentication/classes/class.ilAuthSession.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Services/Authentication/classes/class.ilAuthSession.php b/Services/Authentication/classes/class.ilAuthSession.php
index 03fe7fde7e87..9da2b11d9611 100644
--- a/Services/Authentication/classes/class.ilAuthSession.php
+++ b/Services/Authentication/classes/class.ilAuthSession.php
@@ -67,6 +67,12 @@ protected function getLogger(): ilLogger
      */
     public function init(): bool
     {
+        if (session_status() === PHP_SESSION_ACTIVE) {
+            $this->getLogger()->error(__METHOD__ . ' called with active session.');
+            $this->getLogger()->logStack(ilLogLevel::ERROR);
+            return false;
+        }
+
         session_start();
 
         $this->setId(session_id());