bug #3039384 [auth] Force signon auth on signon URL change.

ChangeLog

@@ -149,6 +149,7 @@
 - bug #3206876 [core] Work without mbstring installed.
 - rfe #3196075, patch #3212068 [interface] Add links to variables documentation.
 - bug #3208723 [import] Fix import of utf-8 XML files.
+- bug #3039384 [auth] Force signon auth on signon URL change.
 
 3.3.10.0 (not yet released)
 - patch #3147400 [structure] Aria table size printed as unknown,

libraries/auth/signon.auth.lib.php

@@ -19,6 +19,7 @@
  * @access  public
  */
 function PMA_auth() {
+    unset($_SESSION['LAST_SIGNON_URL']);
     if (empty($GLOBALS['cfg']['Server']['SignonURL'])) {
         PMA_fatalError('You must set SignonURL!');
     } elseif (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
@@ -54,9 +55,17 @@ function PMA_auth_check()
 {
     global $PHP_AUTH_USER, $PHP_AUTH_PW;
 
+    /* Check if we're using same sigon server */
+    if (isset($_SESSION['LAST_SIGNON_URL']) && $_SESSION['LAST_SIGNON_URL'] != $GLOBALS['cfg']['Server']['SignonURL']) {
+        return false;
+    }
+
     /* Session name */
     $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
 
+    /* Login URL */
+    $signon_url = $GLOBALS['cfg']['Server']['SignonURL'];
+
     /* Current host */
     $single_signon_host = $GLOBALS['cfg']['Server']['host'];
 
@@ -150,8 +159,10 @@ function PMA_auth_check()
 
     // Returns whether we get authentication settings or not
     if (empty($PHP_AUTH_USER)) {
+        unset($_SESSION['LAST_SIGNON_URL']);
         return false;
     } else {
+        $_SESSION['LAST_SIGNON_URL'] = $GLOBALS['cfg']['Server']['SignonURL'];
         return true;
     }
 } // end of the 'PMA_auth_check()' function