/** * Try to authenticate the user with the current session * * Authentication for externally-authenticated users will be revoked if the username changed or external * authentication is no longer in effect */ public function authenticateFromSession() { $this->user = Session::getSession()->get('user'); if ($this->user !== null && $this->user->isRemoteUser() === true) { list($originUsername, $field) = $this->user->getRemoteUserInformation(); if (!array_key_exists($field, $_SERVER) || $_SERVER[$field] !== $originUsername) { $this->removeAuthorization(); } } }