From 7cb5b664258ae46b706ea3e7ff88ea820af81bf0 Mon Sep 17 00:00:00 2001
From: Ere Maijala <ere.maijala@helsinki.fi>
Date: Thu, 30 May 2024 11:14:58 +0300
Subject: [PATCH] Don't create RateLimiterManager before the event fires.

---
 module/VuFind/src/VuFind/Bootstrapper.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/module/VuFind/src/VuFind/Bootstrapper.php b/module/VuFind/src/VuFind/Bootstrapper.php
index 1949b4ee9ef..cebdf511360 100644
--- a/module/VuFind/src/VuFind/Bootstrapper.php
+++ b/module/VuFind/src/VuFind/Bootstrapper.php
@@ -385,11 +385,12 @@ protected function initRateLimiter(): void
         if (PHP_SAPI === 'cli') {
             return;
         }
-        $rateLimiterManager = $this->container->get(\VuFind\RateLimiter\RateLimiterManager::class);
-        if (!$rateLimiterManager->isEnabled()) {
-            return;
-        }
-        $callback = function ($event) use ($rateLimiterManager) {
+        $callback = function ($event) {
+            // Create rate limiter manager here so that we don't e.g. initialize the session too early:
+            $rateLimiterManager = $this->container->get(\VuFind\RateLimiter\RateLimiterManager::class);
+            if (!$rateLimiterManager->isEnabled()) {
+                return;
+            }
             $result = $rateLimiterManager->check($event);
             if (!$result['allow']) {
                 $response = $event->getResponse();