From 85a7819469ee3288c683fe5663cf388d2fb1fad3 Mon Sep 17 00:00:00 2001
From: JonnyWong16 <Jonny.Wong.16@gmail.com>
Date: Wed, 27 Apr 2016 21:26:18 -0700
Subject: [PATCH] Check if sessions enabled for login/logout

* Redirect to logout on session expiry to remove the session
---
 plexpy/webauth.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/plexpy/webauth.py b/plexpy/webauth.py
index c22911cc..878e79a1 100644
--- a/plexpy/webauth.py
+++ b/plexpy/webauth.py
@@ -61,7 +61,7 @@ def check_auth(*args, **kwargs):
                 if not condition():
                     raise cherrypy.HTTPRedirect(plexpy.HTTP_ROOT)
         else:
-            raise cherrypy.HTTPRedirect("auth/login")
+            raise cherrypy.HTTPRedirect("auth/logout")
     
 def requireAuth(*conditions):
     """A decorator that appends conditions to the auth.require config
@@ -137,7 +137,7 @@ class AuthController(object):
 
     @cherrypy.expose
     def login(self, username=None, password=None, remember_me='0'):
-        if not plexpy.CONFIG.HTTP_PASSWORD:
+        if not cherrypy.config.get('tools.sessions.on'):
             raise cherrypy.HTTPRedirect(plexpy.HTTP_ROOT)
 
         if username is None or password is None:
@@ -181,7 +181,7 @@ class AuthController(object):
     
     @cherrypy.expose
     def logout(self):
-        if not plexpy.CONFIG.HTTP_PASSWORD:
+        if not cherrypy.config.get('tools.sessions.on'):
             raise cherrypy.HTTPRedirect(plexpy.HTTP_ROOT)
 
         _session = cherrypy.session.get(SESSION_KEY)