diff --git a/lib/Controller/WorkspaceController.php b/lib/Controller/WorkspaceController.php
index 0c58764c0c5..583f5d6d01d 100644
--- a/lib/Controller/WorkspaceController.php
+++ b/lib/Controller/WorkspaceController.php
@@ -130,8 +130,8 @@ public function publicFolder(string $shareToken, string $path = '/'): DataRespon
 			}
 			/** @psalm-suppress RedundantConditionGivenDocblockType */
 			if ($share->getPassword() !== null) {
-				$shareId = $this->session->get('public_link_authenticated');
-				if ($share->getId() !== $shareId) {
+				$shareIds = $this->session->get('public_link_authenticated');
+				if ($share->getId() !== $shareIds && (is_array($shareIds) && !in_array($share->getId(), $shareIds, true))) {
 					throw new ShareNotFound();
 				}
 			}
diff --git a/lib/Middleware/SessionMiddleware.php b/lib/Middleware/SessionMiddleware.php
index 6ed807ce4bc..523c159b4ff 100644
--- a/lib/Middleware/SessionMiddleware.php
+++ b/lib/Middleware/SessionMiddleware.php
@@ -141,8 +141,8 @@ private function assertUserOrShareToken(ISessionAwareController $controller): vo
 			}
 
 			if ($share->getPassword() !== null) {
-				$shareId = $this->session->get('public_link_authenticated');
-				if ($share->getId() !== $shareId) {
+				$shareIds = $this->session->get('public_link_authenticated');
+				if ($share->getId() !== $shareIds && (is_array($shareIds) && !in_array($share->getId(), $shareIds, true))) {
 					throw new InvalidSessionException();
 				}
 			}