From 7360407b7368e3f5aa08140ef973cc7614731903 Mon Sep 17 00:00:00 2001
From: David Goodwin
Date: Wed, 25 Sep 2019 13:47:15 +0100
Subject: [PATCH] see: https://github.com/postfixadmin/postfixadmin/issues/302 - check if the session key exists; and if not show something that may help
---
 public/login.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/public/login.php b/public/login.php
index 7c98fa32..39a36330 100644
--- a/public/login.php
+++ b/public/login.php
@@ -37,8 +37,12 @@ if ($CONF['configured'] !== true) {
 check_db_version(); # check if the database layout is up to date (and error out if not)
 
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
+    if (!isset($_SESSION['PFA_token'])) {
+        die("Invalid token (session timeout; refresh the page and try again?)");
+    }
+
     if (safepost('token') != $_SESSION['PFA_token']) {
-        die('Invalid token!');
+        die('Invalid token! (CSRF check failed)');
     }
 
     $lang = safepost('lang');
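Review bot: The token comparison that the new message labels as the CSRF check, `safepost('token') != $_SESSION['PFA_token']`, is a loose, non-constant-time comparison; PHP's `!=` applies numeric-string rules, so two different tokens that both look like numbers can compare equal, and the comparison leaks timing. Since the commit already touches this check, tightening it to `if (!hash_equals((string) $_SESSION['PFA_token'], (string) safepost('token'))) {` would make the comparison strict and timing-safe; the casts are a hedge because safepost()'s return type is not visible in the hunk and hash_equals() requires strings. A smaller style point: the new `die("Invalid token (session timeout; ...)")` uses double quotes without interpolation while the neighbouring `die('Invalid token! (CSRF check failed)')` uses single quotes. The enclosing `if ($_SERVER['REQUEST_METHOD'] == "POST")` block continues past the end of the hunk.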