From 4c025d348b5606f914ea371c0dabf3ff23caf013 Mon Sep 17 00:00:00 2001
From: Dario Rekowski on RockPI <dario.rekowski@gmx.de>
Date: Tue, 13 Apr 2021 11:18:07 +0000
Subject: [PATCH] fix order in which to check for session_id

---
 .../src/Controller/AppController.php          | 21 ++++++++++++-------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/community_server/src/Controller/AppController.php b/community_server/src/Controller/AppController.php
index 42d97d5d8..98a690bd1 100644
--- a/community_server/src/Controller/AppController.php
+++ b/community_server/src/Controller/AppController.php
@@ -156,18 +156,23 @@ class AppController extends Controller
         }
     }
 
-    protected function requestLogin($session_id = 0, $redirect = true)
+    protected function requestLogin($sessionId = 0, $redirect = true)
     {
         $session = $this->getRequest()->getSession();
         // check login
         // disable encryption for cookies
-        //$this->Cookie->configKey('User', 'encryption', false);
-        if(!$session_id) {
-            $session_id = intval($this->request->getCookie('GRADIDO_LOGIN', ''));
-            // TODO: This is unclear if correct
-            if($session_id == 0 && $session->check('session_id')) {
-          	  $session_id = intval($session->read('session_id'));
-          	}
+        $session_id = 0;
+        $php_session_id = 0;
+        if($session->check('session_id')) {
+            $php_session_id = intval($session->read('session_id'));
+        }
+        $cookie_session_id = intval($this->request->getCookie('GRADIDO_LOGIN', ''));
+        if($php_session_id != 0) {
+            $session_id = $php_session_id;
+        } else if($cookie_session_id != 0) {
+            $session_id = $cookie_session_id;
+        } else {
+            $session_id = $sessionId;
         }
         $ip = $this->request->clientIp();
         if (!$session->check('client_ip')) {