From e72327d4b1fd92675372a118052f1c9847f882dc Mon Sep 17 00:00:00 2001
From: Frédéric Guillot
Date: Sat, 29 Nov 2014 17:18:23 -0500
Subject: Improve session handler and add Ajax session check
---
 app/Controller/Base.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'app/Controller/Base.php')
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index c1753c97..92a3d068 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -140,7 +140,7 @@ abstract class Base
 public function beforeAction($controller, $action)
 {
 // Start the session
- $this->session->open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH);
+ $this->session->open(BASE_URL_DIRECTORY);
 // HTTP secure headers
 $this->response->csp(array('style-src' => "'self' 'unsafe-inline'"));
@@ -161,6 +161,11 @@ abstract class Base
 // Authentication
 if (! $this->authentication->isAuthenticated($controller, $action)) {
+
+ if ($this->request->isAjax()) {
+ $this->response->text('Not Authorized', 401);
+ }
+
 $this->response->redirect('?controller=user&action=login&redirect_query='.urlencode($this->request->getQueryString()));
 }
--
cgit v1.2.3
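Review bot: In the second hunk the new Ajax branch denies the request only if `$this->response->text('Not Authorized', 401)` ends the script, because nothing returns or exits after it and control would otherwise fall through to `redirect()`. The same holds for `redirect()` itself: if it returns, the rest of `beforeAction()` and then the controller action would run for an unauthenticated caller. Neither method is visible in this patch, which is limited to `app/Controller/Base.php`, so this should be confirmed against the response class. If both do terminate, say so at the call site with a comment such as `// text() and redirect() both terminate the request; nothing below runs for unauthenticated callers`; if they do not, chain the redirect as `else` and stop explicitly after the block. The body of `beforeAction()` starts and continues outside both hunks.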