Request a reauthentication for GET requests in the grace period

Closes #4690

diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
index bb8039e07892ea756742ba792f877dcde9091753..30464f85733843791d8786372b7901d25d105984 100644 (file)
--- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
@@ -1066,7 +1066,7 @@ final class SessionHandler extends SingletonFactory
         // is exceeded ...
         if ($lastAuthentication < (TIME_NOW - $softLimit)) {
             // ... and the grace period since the last check is also exceeded.
-            if ($lastCheck < (TIME_NOW - self::REAUTHENTICATION_GRACE_PERIOD)) {
+            if ($_POST === [] || $lastCheck < (TIME_NOW - self::REAUTHENTICATION_GRACE_PERIOD)) {
                 return true;
             }
         }