From e694e878148259d544f2fef8cc8c43682312c3c7 Mon Sep 17 00:00:00 2001
From: Janne Mareike Koschinski <janne@kuschku.de>
Date: Fri, 22 Jul 2022 11:45:26 +0200
Subject: [PATCH] Prevent email verification from overriding existing sessions
 (#9075)

---
 src/components/structures/auth/Registration.tsx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/components/structures/auth/Registration.tsx b/src/components/structures/auth/Registration.tsx
index 976f359961..42b64c8ac3 100644
--- a/src/components/structures/auth/Registration.tsx
+++ b/src/components/structures/auth/Registration.tsx
@@ -382,7 +382,8 @@ export default class Registration extends React.Component<IProps, IState> {
         const hasEmail = Boolean(this.state.formVals.email);
         const hasAccessToken = Boolean(response.access_token);
         debuglog("Registration: ui auth finished:", { hasEmail, hasAccessToken });
-        if (!hasEmail && hasAccessToken) {
+        // don’t log in if we found a session for a different user
+        if (!hasEmail && hasAccessToken && !newState.differentLoggedInUserId) {
             // we'll only try logging in if we either have no email to verify at all or we're the client that verified
             // the email, not the client that started the registration flow
             await this.props.onLoggedIn({