From bb1b3787ecc790c68877d8f7389e05f9ec061fef Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Fri, 16 Apr 2021 23:15:57 -0700
Subject: [PATCH] Additional login token checking.
---
 webserver.js | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/webserver.js b/webserver.js
index ef16601f..8cada939 100644
--- a/webserver.js
+++ b/webserver.js
@@ -2377,6 +2377,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 req.session.ip = req.clientIp; // Bind this session to the IP address of the request
 handleRootRequestEx(req, res, domain, direct);
 });
+ } else if ((req.session != null) && (typeof req.session.loginToken == 'string')) {
+ // Check if the loginToken is still valid
+ obj.db.Get('logintoken-' + req.session.loginToken, function (err, docs) {
+ if ((err != null) || (docs == null) || (docs.length != 1) || (docs[0].tokenUser != req.session.loginToken)) { for (var i in req.session) { delete req.session[i]; } }
+ handleRootRequestEx(req, res, domain, direct); // Login using a different system
+ });
 } else {
 // Login using a different system
 handleRootRequestEx(req, res, domain, direct);
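Review bot: The validity test inside the `obj.db.Get` callback compares `docs[0].tokenUser` with the same `req.session.loginToken` value that built the lookup key `'logintoken-' + req.session.loginToken`, so it effectively confirms only that a record still exists under that name, not that the record belongs to the account this session is logged in as. If the stored token record also carries its owner or an expiry time (neither is visible in this hunk), the condition should reject on a mismatch there too, so that a revoked, reissued or expired token cannot keep an old session alive. The trailing comment on the new `handleRootRequestEx` call is copied from the `else` branch and no longer describes this path; I would replace it with `// Continue; the session was cleared above if the token is no longer valid`. The enclosing request handler starts and ends outside the hunk, so whether other entry points repeat this check cannot be judged from here.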