From b3f8cf1512368da8ab3743c0a8830aadd825a39c Mon Sep 17 00:00:00 2001
From: Pim Snel
Date: Fri, 13 Oct 2006 12:49:03 +0000
Subject: [PATCH] Add to session verify: If User is Anonymous and enters a not allowed application its session will be destroyed inmediatly.
---
 phpgwapi/inc/class.sessions.inc.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/phpgwapi/inc/class.sessions.inc.php b/phpgwapi/inc/class.sessions.inc.php
index 19c6406c8a..9328a44706 100644
--- a/phpgwapi/inc/class.sessions.inc.php
+++ b/phpgwapi/inc/class.sessions.inc.php
@@ -316,6 +316,22 @@
 }
 $this->session_flags = $session['session_flags'];
+
+ /* If User is Anonymous and enters a not allowed application its session will be destroyed inmediatly. */
+ $_current_app=$GLOBALS['egw_info']['flags']['currentapp'];
+ if($this->session_flags=='A' && !$GLOBALS['egw_info']['user']['apps'][$_current_app])
+ {
+ $this->destroy($sessionid,$kp3);
+
+ /* Overwrite Cookie with empty user. For 2 weeks */
+ $this->egw_setcookie('sessionid','');
+ $this->egw_setcookie('kp3','');
+ $this->egw_setcookie('domain','');
+ $this->egw_setcookie('last_domain','');
+ $this->egw_setcookie('last_loginid', '');
+
+ return False;
+ }
 $this->split_login_domain($session['session_lid'],$this->account_lid,$this->account_domain);
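Review bot: The new `if` right after `$this->session_flags` is assigned decides access from `$GLOBALS['egw_info']['user']['apps'][$_current_app]`, but nothing in the hunk shows that the apps list has already been loaded for this session's account (the check sits before `split_login_domain()`), so please confirm the ordering: an empty list here would tear down every anonymous session, and a list left over from elsewhere would make the decision against the wrong account. Indexing the array directly also raises a notice whenever `currentapp` or the app key is missing; `empty($GLOBALS['egw_info']['user']['apps'][$_current_app])` expresses the same test without it. The comment `For 2 weeks` does not match the `egw_setcookie()` calls as written, which pass no lifetime, so either pass the expiry or reword it to something like `/* Clear the session cookies of the rejected anonymous user */`. Recording the refused application and account in the access log before `return False` would make these rejections visible during incident review. The enclosing method starts and ends outside the hunk, so the above is limited to what these lines show.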