[Security] changed order of checks to check for more specific things first

1 files changed, 8 insertions, 8 deletions

diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php
index 52aff57..f5969d8 100644
--- a/Http/Firewall/AbstractAuthenticationListener.php
+++ b/Http/Firewall/AbstractAuthenticationListener.php
@@ -126,19 +126,19 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
             return;
         }
 
-        try {
-            if (null === $returnValue = $this->attemptAuthentication($request)) {
-                return;
-            }
-
-            if (!$request->hasSession()) {
-                throw new \RuntimeException('This authentication method requires a session.');
-            }
+        if (!$request->hasSession()) {
+            throw new \RuntimeException('This authentication method requires a session.');
+        }
 
+        try {
             if (!$request->hasPreviousSession()) {
                 throw new SessionUnavailableException('Your session has timed-out, or you have disabled cookies.');
             }
 
+            if (null === $returnValue = $this->attemptAuthentication($request)) {
+                return;
+            }
+
             if ($returnValue instanceof TokenInterface) {
                 $this->sessionStrategy->onAuthentication($request, $returnValue);