From 3affeb5bd77715c84c70230d744de8d0f577a378 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Mon, 8 Oct 2012 13:35:59 +0200
Subject: [PATCH] destroy invalid sessions

---
 lib/base.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/base.php b/lib/base.php
index 41ff187005..c898273d9e 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -352,6 +352,10 @@ class OC{
 		OC_User::useBackend(new OC_User_Database());
 		OC_Group::useBackend(new OC_Group_Database());
 
+		if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id']) && $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) {
+			OC_User::logout();
+		}
+
 		// Load Apps
 		// This includes plugins for users and filesystems as well
 		global $RUNTIME_NOAPPS;