- local sess = ctx.authsession or luci.http.getcookie("sysauth")
- sess = sess and sess:match("^[A-F0-9]+$")
- local user = sauth.read(sess)
+ local sess = ctx.authsession
+ local verifytoken = true
+ if not sess then
+ sess = luci.http.getcookie("sysauth")
+ sess = sess and sess:match("^[A-F0-9]+$")
+ end
+
+ local sdat = sauth.read(sess)
+ local user
+
+ if sdat then
+ sdat = loadstring(sdat)()
+ if not verifytoken or ctx.urltoken.stok == sdat.token then
+ user = sdat.user
+ end
+ end
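Review bot: The comparison in `if not verifytoken or ctx.urltoken.stok == sdat.token then` is true when both sides are nil, so a session record with no `token` field plus a request with no `stok` would still set `user`; require a non-nil token first, e.g. `if not verifytoken or (sdat.token and ctx.urltoken and ctx.urltoken.stok == sdat.token) then`. `verifytoken` is initialised to `true` and never reassigned in the visible lines, so the `not verifytoken` branch is dead unless it is set elsewhere, and it is worth confirming which path (cookie or `ctx.authsession`) is meant to skip the check. `loadstring(sdat)()` runs the stored session blob as Lua and raises if `loadstring` returns nil on a malformed record; a guard such as `local fn = loadstring(sdat); sdat = fn and fn()` avoids the crash, and a data-only session format would keep the session store from being a code-execution path. The `^[A-F0-9]+$` check now covers only the cookie value, so `ctx.authsession` reaches `sauth.read` unvalidated, where the removed code matched both sources. The enclosing function starts and ends outside this hunk.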