From 9d01821b2f7fe8ba8c21d73cbf4a6c4811d17340 Mon Sep 17 00:00:00 2001
From: Stephen Rees-Carter <stephen@rees-carter.net>
Date: Wed, 13 Mar 2024 20:56:40 +1000
Subject: [PATCH] Check for password before storing hash in session

Fixes #50497
---
 src/Illuminate/Session/Middleware/AuthenticateSession.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Illuminate/Session/Middleware/AuthenticateSession.php b/src/Illuminate/Session/Middleware/AuthenticateSession.php
index b32e3ba50283..efd34c35e662 100644
--- a/src/Illuminate/Session/Middleware/AuthenticateSession.php
+++ b/src/Illuminate/Session/Middleware/AuthenticateSession.php
@@ -44,7 +44,7 @@ public function __construct(AuthFactory $auth)
      */
     public function handle($request, Closure $next)
     {
-        if (! $request->hasSession() || ! $request->user()) {
+        if (! $request->hasSession() || ! $request->user() || ! $request->user()->getAuthPassword()) {
             return $next($request);
         }