From 2d7dfd1b2e990cf5693a756c71a29cbabe14abd6 Mon Sep 17 00:00:00 2001
From: Torsten Simon <simon@edu-sharing.net>
Date: Fri, 21 Jul 2023 12:18:34 +0200
Subject: [PATCH] fix:obey session cookie even if http_referer is present

---
 src/main/php/modules/redirect.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/main/php/modules/redirect.php b/src/main/php/modules/redirect.php
index 5de77ea9..7597c264 100644
--- a/src/main/php/modules/redirect.php
+++ b/src/main/php/modules/redirect.php
@@ -108,6 +108,8 @@ function addContentHeaders($src_file){
 // start session to read object-data
 if (!empty($_GET[$ESRENDER_SESSION_NAME])) {
     $l_sid = $_GET[$ESRENDER_SESSION_NAME];
+} else if(!empty($_COOKIE[$ESRENDER_SESSION_NAME])) {
+    $l_sid = $_COOKIE[$ESRENDER_SESSION_NAME];
 } else if(!empty($_SERVER['HTTP_REFERER'])) {
     $parts = parse_url($_SERVER['HTTP_REFERER']);
     parse_str($parts['query'], $query);