From bf8fe84d3178f0c43801ca40a59f4bc3b2c601c4 Mon Sep 17 00:00:00 2001
From: Stephen Rees-Carter <stephen@rees-carter.net>
Date: Thu, 14 Mar 2024 00:59:02 +1000
Subject: [PATCH] Check for password before storing hash in session (#50507)

Fixes #50497
---
 src/Illuminate/Session/Middleware/AuthenticateSession.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Illuminate/Session/Middleware/AuthenticateSession.php b/src/Illuminate/Session/Middleware/AuthenticateSession.php
index b32e3ba50283..efd34c35e662 100644
--- a/src/Illuminate/Session/Middleware/AuthenticateSession.php
+++ b/src/Illuminate/Session/Middleware/AuthenticateSession.php
@@ -44,7 +44,7 @@ public function __construct(AuthFactory $auth)
      */
     public function handle($request, Closure $next)
     {
-        if (! $request->hasSession() || ! $request->user()) {
+        if (! $request->hasSession() || ! $request->user() || ! $request->user()->getAuthPassword()) {
             return $next($request);
         }