From 78091cc545ea110f4a626b3ea6454a4918a01d05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Noack?= <noack@data-quest.de>
Date: Mon, 14 Apr 2025 09:08:41 +0000
Subject: Resolve #5499 "Media Proy: $cache must not be accessed before
 initialization"

Closes #5499

Merge request studip/studip!4126
---
 lib/session/CacheSessionHandler.php |  2 +-
 lib/session/Manager.php             | 13 +++++++++----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/session/CacheSessionHandler.php b/lib/session/CacheSessionHandler.php
index 0418e47..78e0550 100644
--- a/lib/session/CacheSessionHandler.php
+++ b/lib/session/CacheSessionHandler.php
@@ -34,6 +34,7 @@ class CacheSessionHandler implements
         if ($session_lifetime) {
             $this->session_lifetime = $session_lifetime;
         }
+        $this->cache = Factory::getCache();
     }
 
     public function close(): bool
@@ -55,7 +56,6 @@ class CacheSessionHandler implements
 
     public function open(string $path, string $name): bool
     {
-        $this->cache = Factory::getCache();
         return true;
     }
 
diff --git a/lib/session/Manager.php b/lib/session/Manager.php
index 169d89e..85ea8b3 100644
--- a/lib/session/Manager.php
+++ b/lib/session/Manager.php
@@ -175,16 +175,16 @@ class Manager
         }
         $state = self::STATE_UNKNOWN;
         if (isset($GLOBALS['user']) && is_object($GLOBALS['user'])) {
-            $state = in_array($GLOBALS['user']->id, ['nobody', 'form']) ? self::STATE_NOBODY : self::STATE_AUTHENTICATED;
+            $state = $GLOBALS['user']->id === 'nobody' ? self::STATE_NOBODY : self::STATE_AUTHENTICATED;
         } else {
-            $sid = $_COOKIE[$this->getName()];
+            $sid = $this->getSessionIdFromCookie();
             if ($sid) {
                 $session_vars = $this->getSessionVars($sid);
                 $session_auth = $session_vars['auth'];
-                if ($session_auth['uid'] && !in_array($session_auth['uid'], ['nobody', 'form'])) {
+                if ($session_auth['uid'] && $session_auth['uid'] !== 'nobody') {
                     $state = self::STATE_AUTHENTICATED;
                 } else {
-                    $state = in_array($session_auth['uid'], ['nobody', 'form']) ? self::STATE_NOBODY : self::STATE_UNKNOWN;
+                    $state = $session_auth['uid'] === 'nobody' ? self::STATE_NOBODY : self::STATE_UNKNOWN;
                 }
             }
         }
@@ -201,6 +201,11 @@ class Manager
         return new \SessionDecoder($data);
     }
 
+    public function getSessionIdFromCookie(): string
+    {
+        return $_COOKIE[$this->getName()] ?? '';
+    }
+
     /**
      * force garbage collect
      *
-- 
cgit v1.0