From a3f0bcedd9b5ee678a068d7f8f2ba756bd8cd5b0 Mon Sep 17 00:00:00 2001
From: Nicolas Le Goff <legoff.n@gmail.com>
Date: Wed, 24 Oct 2012 11:57:29 +0200
Subject: [PATCH] Update Session controller

---
 lib/Alchemy/Phrasea/Controller/Root/Session.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/Alchemy/Phrasea/Controller/Root/Session.php b/lib/Alchemy/Phrasea/Controller/Root/Session.php
index 68bc745ed9..a0dfee55a4 100644
--- a/lib/Alchemy/Phrasea/Controller/Root/Session.php
+++ b/lib/Alchemy/Phrasea/Controller/Root/Session.php
@@ -41,7 +41,7 @@ class Session implements ControllerProviderInterface
          *
          * return       : JSON Response
          */
-        $controllers->get('/update/', $this->call('updateSession'))
+        $controllers->post('/update/', $this->call('updateSession'))
             ->bind('update_session');
 
         return $controllers;
@@ -56,6 +56,10 @@ class Session implements ControllerProviderInterface
      */
     public function updateSession(Application $app, Request $request)
     {
+        if(!$request->isXmlHttpRequest()) {
+            $app->abort(400);
+        }
+
         $ret = array(
             'status'  => 'unknown',
             'message' => '',