From 9b4187927260c8a902bf5f021fcba57cbc124a84 Mon Sep 17 00:00:00 2001
From: eileen <emcnaughton@wikimedia.org>
Date: Thu, 2 Jan 2020 11:01:06 +1300
Subject: [PATCH] dev/drupal#98 Fix masquerade issue caused by drupal update
 change

---
 CRM/Core/Session.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/CRM/Core/Session.php b/CRM/Core/Session.php
index 7794ca48b61c..75936e7f9412 100644
--- a/CRM/Core/Session.php
+++ b/CRM/Core/Session.php
@@ -41,6 +41,13 @@ class CRM_Core_Session {
    */
   protected $_session = NULL;
 
+  /**
+   * Current php Session ID : needed to detect if the session is changed
+   *
+   * @var string
+   */
+  protected $sessionID;
+
   /**
    * We only need one instance of this object. So we use the singleton
    * pattern and cache the instance in this variable
@@ -88,6 +95,11 @@ public static function &singleton() {
    *   Is this a read operation, in this case, the session will not be touched.
    */
   public function initialize($isRead = FALSE) {
+    // remove $_SESSION reference if session is changed
+    if (($sid = session_id()) !== $this->sessionID) {
+      $this->_session = NULL;
+      $this->sessionID = $sid;
+    }
     // lets initialize the _session variable just before we need it
     // hopefully any bootstrapping code will actually load the session from the CMS
     if (!isset($this->_session)) {