Skip session authentication for backend modules

- This was causing errors accessing these modules with an existing session with 2fa enabled while anonymous calls were going through

diff --git a/src/App.php b/src/App.php
index 5c85c9f26d46ad29a7260c44d117bee4676750fd..3ef9bdb4ed56e326865478fba2ecbee1ea80003b 100644 (file)
--- a/src/App.php
+++ b/src/App.php
@@ -631,7 +631,9 @@ class App
                                Model\Profile::openWebAuthInit($token);
                        }
 
-                       $auth->withSession($this);
+                       if (!$this->mode->isBackend()) {
+                               $auth->withSession($this);
+                       }
 
                        if (empty($_SESSION['authenticated'])) {
                                header('X-Account-Management-Status: none');