diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index fa05bdd3b8..b6ddd59e96 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -91,8 +91,9 @@
[Fix] Posts incremented for multiple approval of the same topic (Bug #40495 - Patch by TerraFrost)
[Fix] Missing end " in quote bb tag deletes text (Bug #40565 - Patch by TerraFrost)
[Fix] Friend/foe system displays posts made by foes while composing (Bug #40325 - Patch by TerraFrost and Highway of Life)
- [Fix] Missing read permission from calls to phpbb_chmod()
+ [Fix] Added missing read permission information for some phpbb_chmod() calls
[Fix] Correctly display future dates (Bug #38755)
+ [Fix] Fix guest/bot session problems with apache authentication plugin (Bug #41085)
[Change] Allow download of conflicting file for later reference in automatic updater
[Change] Default difference view is now 'inline' instead of 'side by side'
[Change] Added new option for merging differences to conflicting files in automatic updater
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
index 80ac81ed46..f6d5f418d0 100644
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -104,7 +104,7 @@ function login_apache(&$username, &$password)
'user_row' => $row,
);
}
-
+
// Successful login...
return array(
'status' => LOGIN_SUCCESS,
@@ -227,6 +227,18 @@ function user_row_apache($username, $password)
*/
function validate_session_apache(&$user)
{
+ // We only need to check authenticated users. For anonymous user as well as bots the session of course did not expire.
+ if ($user['user_id'] == ANONYMOUS)
+ {
+ return true;
+ }
+
+ // Checking for a bot is a bit mroe complicated... but we are able to check this with the user type (anonymous has the same as bots)
+ if ($user['user_type'] == USER_IGNORE)
+ {
+ return true;
+ }
+
if (!isset($_SERVER['PHP_AUTH_USER']))
{
return false;