Diffstat (limited to 'app')
-rw-r--r-- | app/Auth/ReverseProxy.php | 11 | ||||
-rw-r--r-- | app/Model/Authentication.php | 5 |
2 files changed, 15 insertions, 1 deletions
diff --git a/app/Auth/ReverseProxy.php b/app/Auth/ReverseProxy.php
index abcdd449..1910ad35 100644
--- a/app/Auth/ReverseProxy.php
+++ b/app/Auth/ReverseProxy.php
@@ -21,6 +21,17 @@ class ReverseProxy extends Base
 const AUTH_NAME = 'ReverseProxy';
 
 /**
+ * Get username from the reverse proxy
+ *
+ * @access public
+ * @return string
+ */
+ public function getUsername()
+ {
+ return isset($_SERVER[REVERSE_PROXY_USER_HEADER]) ? $_SERVER[REVERSE_PROXY_USER_HEADER] : '';
+ }
+
+ /**
 * Authenticate the user with the HTTP header
 *
 * @access public
diff --git a/app/Model/Authentication.php b/app/Model/Authentication.php
index 116e0726..580c1e14 100644
--- a/app/Model/Authentication.php
+++ b/app/Model/Authentication.php
@@ -44,7 +44,10 @@ class Authentication extends Base
 if ($this->userSession->isLogged()) {
 
 // Check if the user session match an existing user
- if (! $this->user->exists($this->userSession->getId())) {
+ $userNotFound = ! $this->user->exists($this->userSession->getId());
+ $reverseProxyWrongUser = REVERSE_PROXY_AUTH && $this->backend('reverseProxy')->getUsername() !== $_SESSION['user']['username'];
+
+ if ($userNotFound || $reverseProxyWrongUser) {
 $this->backend('rememberMe')->destroy($this->userSession->getId());
 $this->session->close();
 return false; |
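Review bot: The docblock on `getUsername()` should state the trust assumption, because the method returns `$_SERVER[REVERSE_PROXY_USER_HEADER]` verbatim and that value is an identity only if the front-end proxy sets or strips the header on every request. I would add `* The value is trustworthy only when the proxy overwrites this header and the application is not reachable directly` and change the return tag to `@return string Username, or '' when the header is absent`. If `authenticate()` below reads the same `$_SERVER` key (its body is outside the hunk), it could call this method so both paths agree on the value.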
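Review bot: `$reverseProxyWrongUser` is also true when the proxy header is missing, because `getUsername()` returns `''` and `'' !== $_SESSION['user']['username']` holds for every named session, so with `REVERSE_PROXY_AUTH` enabled a session created by another backend appears to be closed on its next request. If that strictness is intended, say so in a comment such as `// Proxy identity is authoritative: a missing or different header ends the session`. The comparison also reads `$_SESSION['user']['username']` directly and without an `isset()` check, so a session lacking that key raises a notice before being treated as a mismatch; `$sessionUsername = isset($_SESSION['user']['username']) ? $_SESSION['user']['username'] : '';` would make that case explicit. The strict `!==` is case-sensitive, which presumably matches how usernames are stored, but it is worth confirming against what the proxy actually sends. The enclosing method starts and ends outside the hunk.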