X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;ds=inline;f=SL%2FAuth.pm;h=74ccd4ee5dc5eb6aa20ea1d8edb6d8c3d324c5da;hb=88abef92ceaa2f2f297eb0b2a9a64418bed97ba7;hp=bbf4b32e5ec16027fa9e6695e9a8da35d1440958;hpb=db9a3208c90825530aa1631a09220044348fece4;p=kivitendo-erp.git

diff --git a/SL/Auth.pm b/SL/Auth.pm
index bbf4b32e5..74ccd4ee5 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -607,8 +607,8 @@ sub restore_session {
   # The session ID provided is valid in the following cases:
   #  1. session ID exists in the database
   #  2. hasn't expired yet
-  #  3. if form field '{AUTH}api_token' is given: form field must equal database column 'auth.session.api_token' for the session ID
-  #  4. if form field '{AUTH}api_token' is NOT given then: the requestee's IP address must match the stored IP address
+  #  3. if cookie for the API token is given: the cookie's value equal database column 'auth.session.api_token' for the session ID
+  #  4. if cookie for the API token is NOT given then: the requestee's IP address must match the stored IP address
   $self->{api_token}   = $cookie->{api_token} if $cookie;
   my $api_token_cookie = $self->get_api_token_cookie;
   my $cookie_is_bad    = !$cookie || $cookie->{is_expired};
@@ -992,6 +992,12 @@ sub get_api_token_cookie {
   $::request->{cgi}->cookie($self->get_session_cookie_name(type => 'api_token'));
 }
 
+sub is_api_token_cookie_valid {
+  my ($self)             = @_;
+  my $provided_api_token = $self->get_api_token_cookie;
+  return $self->{api_token} && $provided_api_token && ($self->{api_token} eq $provided_api_token);
+}
+
 sub session_tables_present {
   $main::lxdebug->enter_sub();