author | Thomas Steur <tsteur@users.noreply.github.com> | 2020-09-11 05:34:34 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-11 05:34:34 +0300 |
commit | 5fe0d1a387ba2db0d76fdc69975cf9e5535f5a52 (patch) | |
tree | 5b9ffce4be34ddfffc432cd76fd6280ade827fad /core | |
parent | 6b70e8cc7a12e596bfa08e35db52531ce989c2f2 (diff) |
Make sure to initialize a session for the anonymous user (#16423)
Diffstat (limited to 'core')
-rw-r--r-- | core/FrontController.php | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/core/FrontController.php b/core/FrontController.php
index bc5e96c38f..10b9a1b8e0 100644
--- a/core/FrontController.php
+++ b/core/FrontController.php
@@ -21,6 +21,7 @@ use Piwik\Http\ControllerResolver;
 use Piwik\Http\Router;
 use Piwik\Plugins\CoreAdminHome\CustomLogo;
 use Piwik\Session\SessionAuth;
+use Piwik\Session\SessionInitializer;
 use Psr\Log\LoggerInterface;
 
 /**
@@ -401,7 +402,18 @@ class FrontController extends Singleton
 // ... if session auth fails try normal auth (which will login the anonymous user)
 if (!$loggedIn) {
 $authAdapter = $this->makeAuthenticator();
- Access::getInstance()->reloadAccess($authAdapter);
+ $success = Access::getInstance()->reloadAccess($authAdapter);
+
+ if ($success
+ && Piwik::isUserIsAnonymous()
+ && $authAdapter->getLogin() === 'anonymous' //double checking the login
+ && Piwik::isUserHasSomeViewAccess()
+ && Session::isSessionStarted()) { // only if session was started, don't do it eg for API
+ // usually the session would be started when someone logs in using login controller. But in this
+ // case we need to init session here for anoynymous users
+ $init = StaticContainer::get(SessionInitializer::class);
+ $init->initSession($authAdapter);
+ }
 } else {
 $this->makeAuthenticator($sessionAuth); // Piwik\Auth must be set to the correct Login plugin
 } |
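Review bot: Nothing in the second hunk records that the anonymous session has already been initialised, so the new `if ($success && …)` block may call `$init->initSession($authAdapter)` again on every later request that fails session auth. Whether a follow-up request from the same visitor then passes `SessionAuth` and skips this branch is not visible here; if it does not, a guard on already-initialised session state is needed, and either way the block comment should state which case applies. `Session::isSessionStarted()` is the only thing keeping API requests out of this path, so the comment should also name where the session gets started for UI requests, so that a later change that starts sessions earlier does not silently widen it. I would reword the two inline comments to carry the intent, e.g. `// defence in depth: never create an anonymous session for an adapter that resolved to another login` and `// the login controller normally initialises the session; anonymous users never pass through it, so do it here` (this also fixes the "anoynymous" typo). The enclosing method starts and ends outside the hunk.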