diff --git a/lib/Controller/WorkspaceController.php b/lib/Controller/WorkspaceController.php
index ba6fed2aa8e..52ea5e843e9 100644
--- a/lib/Controller/WorkspaceController.php
+++ b/lib/Controller/WorkspaceController.php
@@ -131,8 +131,8 @@ public function publicFolder(string $shareToken, string $path = '/'): DataRespon
 			}
 			/** @psalm-suppress RedundantConditionGivenDocblockType */
 			if ($share->getPassword() !== null) {
-				$shareId = $this->session->get('public_link_authenticated');
-				if ($share->getId() !== $shareId) {
+				$shareIds = $this->session->get('public_link_authenticated');
+				if ($share->getId() !== $shareIds && (is_array($shareIds) && !in_array($share->getId(), $shareIds, true))) {
 					throw new ShareNotFound();
 				}
 			}
diff --git a/lib/Middleware/SessionMiddleware.php b/lib/Middleware/SessionMiddleware.php
index 17955455bed..fa9d4255c55 100644
--- a/lib/Middleware/SessionMiddleware.php
+++ b/lib/Middleware/SessionMiddleware.php
@@ -143,8 +143,8 @@ private function assertUserOrShareToken(ISessionAwareController $controller): vo
 			}
 
 			if ($share->getPassword() !== null) {
-				$shareId = $this->session->get('public_link_authenticated');
-				if ($share->getId() !== $shareId) {
+				$shareIds = $this->session->get('public_link_authenticated');
+				if ($share->getId() !== $shareIds && (is_array($shareIds) && !in_array($share->getId(), $shareIds, true))) {
 					throw new InvalidSessionException();
 				}
 			}