From aaa7e4a184e2126bc0fa76e600cebb984aff29dc Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 13 Feb 2025 11:54:55 +0100
Subject: [PATCH] [Web] Fix incorrect session lifetime in sogo-auth.php

---
 data/web/sogo-auth.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index 40fff5856..7ccea95d3 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -72,7 +72,12 @@ elseif (isset($_GET['login'])) {
 // only check for admin-login on sogo GUI requests
 elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HTTP_X_ORIGINAL_URI'], 0, 9), "/SOGo/so/") === 0) {
   // this is an nginx auth_request call, we check for existing sogo-sso session variables
-  session_start();
+  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.inc.php';
+  if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php')) {
+    include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php';
+  }
+  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php';
+
   // extract email address from "/SOGo/so/user@domain/xy"
   $url_parts = explode("/", $_SERVER['HTTP_X_ORIGINAL_URI']);
   $email_list = array(