From 94662c9b77946c0be3a8cc2a477a4b4a5308da48 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Tue, 21 Apr 2020 11:13:41 -0700
Subject: [PATCH] Fixed server crash in login request.

---
 webserver.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webserver.js b/webserver.js
index 6ca70904..079da913 100644
--- a/webserver.js
+++ b/webserver.js
@@ -1933,7 +1933,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
         if (hardwareKeyChallenge) { hwstate = obj.parent.encodeCookie({ u: req.session.tokenusername, p: req.session.tokenpassword, c: req.session.u2fchallenge }, obj.parent.loginCookieEncryptionKey) }
 
         // Check if we can use OTP tokens with email
-        var otpemail = (parent.mailserver != null) && (req.session.tokenemail);
+        var otpemail = (parent.mailserver != null) && (req.session != null) && (req.session.tokenemail != null);
         if ((typeof domain.passwordrequirements == 'object') && (domain.passwordrequirements.email2factor == false)) { otpemail = false; }
 
         // Render the login page