The saga still continues -- but finally I am very close to solution. I wonder if anybody has an idea to help me in the last meter/yard...<br><br>Forget about views causing the problem. I have found out that users (incl superadmin) are logged out when <u>images are displayed</u>!<br>
<br>For historical reasons, the site has tens of thousands images like e.g.<br>http://WWW.DOMAIN.TLD/en/system/files/images/image.jpg<br>which are in fact in<br>http://WWW.DOMAIN.TLD/sites/DOMAIN.TLD/files/images/image.jpg<br>
<br>And accessing any page (be it a view or node) that shows an image located in /system causes this logout.<br>I am sure about it - I blocked images in the browser, logged in, browsed happily, then in a different tab I loaded just the image http://WWW.DOMAIN.TLD/en/system/files/images/image.jpg and when I returned to the page I was logged in to, the following click was to an anonymous page.<br>
<br>I've spent hours looking at /admin/settings/file-system but it is simply providing the usual path site/DOMAIN.TLD/files and anyway, the image http://WWW.DOMAIN.TLD/en/system/files/images/image.jpg does
show to anonymous, so the private system works, it's just that it kills
the session.<br>I've allowed permission "view uploaded files" but again, that's not
important.<br>
<br>So the question is -- what could have caused change. <i>Why did
http://WWW.DOMAIN.TLD/en/system/files/images/image.jpg show for a year without a problem and now its mere appearance kills the user session.</i><br><br>I realize this thread possibly shifts from development / debugging issue to a support one, but I hope you can bear with me for the final run. It's been a crazy marathon with a site others have admin rights to so I had to discover and guess what they inadvertently changed... <br>
<br>Thanks for any tip,<br><br>.t<br><br><br><br>
<br><br><div class="gmail_quote">On Thu, Feb 25, 2010 at 01:05, Greg Knaddison <span dir="ltr"><<a href="mailto:greg.knaddison@gmail.com">greg.knaddison@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
I'll bet on a<br>
<br>
$user->uid = 0;<br>
or<br>
$user = user_load(0);<br>
<br>
Somewhere in a view php block or theme code affecting your view. If<br>
that's it, see <a href="http://drupal.org/node/218104" target="_blank">http://drupal.org/node/218104</a><br>
<br>
Regards,<br>
Greg<br>
<br>
On Wed, Feb 24, 2010 at 5:03 PM, Tomáš Fülöpp (<a href="http://vacilando.org" target="_blank">vacilando.org</a>)<br>
<div><div></div><div class="h5"><<a href="mailto:tomi@vacilando.org">tomi@vacilando.org</a>> wrote:<br>
> Cameron, yes, something must've changed.. module or something else.<br>
><br>
> So, third day, still no luck. (I had to log in 600x today alone!)<br>
><br>
> But I found something for sure. It is related to Views (current stable<br>
> version). I stay logged in whenever browsing admin or content types, but<br>
> when I access a Views table, any of them (of profiles or content types<br>
> alike), suddenly I am logged out. There is no "access denied", because these<br>
> views are all public (unrestricted permissions), they do show, but there are<br>
> no admin links etc around on that moment. And nothing in php log, nothing<br>
> useful in watchdog. Like usually in despair in small hours, I start to<br>
> consider the work of black magic.... :-(<br>
><br>
> Thanks in any case to those who've added their 2 cents of ideas.<br>
><br>
><br>
><br>
><br>
> On Wed, Feb 24, 2010 at 16:15, Cameron Eagans <<a href="mailto:cweagans@gmail.com">cweagans@gmail.com</a>> wrote:<br>
>><br>
>> If the site has been working for a year now without any problems,<br>
>> something had to change, right? What changed? New modules maybe? What<br>
>> modules do you have installed? Maybe one of them is dumping your session or<br>
>> something.<br>
>><br>
>> On Wed, Feb 24, 2010 at 7:55 AM, Tomáš Fülöpp (<a href="http://vacilando.org" target="_blank">vacilando.org</a>)<br>
>> <<a href="mailto:tomi@vacilando.org">tomi@vacilando.org</a>> wrote:<br>
>>><br>
>>> Good idea, Mark. Checked time zone -- but it is correct. Anyway, if that<br>
>>> were the problem then it would not work in maintenance mode, I assume.<br>
>>><br>
>>><br>
>>><br>
>>> On Wed, Feb 24, 2010 at 15:27, Mark Noble <<a href="mailto:mark-d-noble@comcast.net">mark-d-noble@comcast.net</a>><br>
>>> wrote:<br>
>>>><br>
>>>> It's possible that it is a time zone issue / session length issue. We<br>
>>>> were having a problem on another (non-Drupal site) where the user would be<br>
>>>> logged out immediately or in a very short time. It turned out that their<br>
>>>> timezone settings were incorrect which caused the cookie to expire<br>
>>>> immediately rather than after our one hour default session length. Fixing<br>
>>>> the timezone worked as did increasing the default session length.<br>
>>>><br>
>>>> Regards,<br>
>>>> Mark Noble<br>
>>>><br>
>>>> On 2/24/2010 5:29 AM, Tomáš Fülöpp (<a href="http://vacilando.org" target="_blank">vacilando.org</a>) wrote:<br>
>>>><br>
>>>> Hi,<br>
>>>><br>
>>>> Thanks for the quick comments. Quick replies:<br>
>>>><br>
>>>> It may be a cookie problem, but only in ways I am not understanding. It<br>
>>>> is not the case of blocked cookies in browser. After all, many other Drupal<br>
>>>> sites, same version, work.<br>
>>>> User table record 0 (anon) is intact, so is record 1 (admin).<br>
>>>> Setting cookie domain with www - tried, but no effect. After all, it's<br>
>>>> been working for more than a year without www.<br>
>>>> Corrupt session table? I don't think so -- as I said, I truncated it.<br>
>>>> Also ran analysis and repair on it, and on all other tables as well, in<br>
>>>> fact.<br>
>>>><br>
>>>> Now, there is some progress. I have set the site to maintenance mode by<br>
>>>> setting the "site_offline" variable.<br>
>>>> SURPRISE - I am not being kicked out of the session! Tried all sorts of<br>
>>>> things - access rebuild, cache clearing, switching off all but bare<br>
>>>> necessary modules, opening and saving permissions page and the admin user<br>
>>>> account, etc., logical and illogical things.<br>
>>>><br>
>>>> Still, however, when I set the site out of the maintenance mode, it<br>
>>>> kicks me out of the session on second or third click. Sometimes more clicks.<br>
>>>> I think I went up to 5.<br>
>>>><br>
>>>> I wonder why should it work in maintenance mode but not without it?<br>
>>>> Cookies seem to be OK, right? Session table as well. It must be something<br>
>>>> else.. but what?<br>
>>>> This is the crucial question: What is special about the maintenance mode<br>
>>>> that could be causing this difference? This should narrow down the possible<br>
>>>> causes.<br>
>>>><br>
>>>> Thanks for any further ideas...<br>
>>>><br>
>>>> Tomáš<br>
>>>><br>
>>>> PS Btw, I've also installed the dev version of D6 (because of the menu<br>
>>>> router problem, which I was experiencing in D6.15 and I suspected that could<br>
>>>> be a problem), but it did not help.<br>
>>>><br>
>>>><br>
>>>><br>
>>>><br>
>>>><br>
>>>><br>
>>>> On Wed, Feb 24, 2010 at 04:31, Don <<a href="mailto:donald@fane.com">donald@fane.com</a>> wrote:<br>
>>>>><br>
>>>>> I've seen a corrupt sessions MySQL table cause problems too.<br>
>>>>><br>
>>>>> -Don-<br>
>>>>><br>
>>>>> On 2/23/2010 9:57 PM, Randy Fay wrote:<br>
>>>>><br>
>>>>> Since this *really* sounds just like the "cookies not enabled in<br>
>>>>> browser" situation, I just wanted to mention something I'm sure you already<br>
>>>>> tried, which is accessing it from a different browser or computer.<br>
>>>>><br>
>>>>> It's trivial to make all drupal logins stop working: You just turn off<br>
>>>>> cookies in the browser, and it works just like you're describing.<br>
>>>>><br>
>>>>> -Randy<br>
>>>>><br>
>>>>> On Tue, Feb 23, 2010 at 5:30 PM, <a href="mailto:larry@garfieldtech.com">larry@garfieldtech.com</a><br>
>>>>> <<a href="mailto:larry@garfieldtech.com">larry@garfieldtech.com</a>> wrote:<br>
>>>>>><br>
>>>>>> You can always edit the database directly.<br>
>>>>>><br>
>>>>>> It sounds like a cookie problem, though. Try setting the cookie<br>
>>>>>> domain explicitly in your settings.php file to just <a href="http://example.com" target="_blank">example.com</a> (not<br>
>>>>>> <a href="http://www.example.com" target="_blank">www.example.com</a>, or whatever).<br>
>>>>>><br>
>>>>>> Also, check to make sure that uid 0 is still intact in the database.<br>
>>>>>> That's another common source of weirdness, in my experience.<br>
>>>>>><br>
>>>>>> --Larry Garfield<br>
>>>>>><br>
>>>>>> Tomáš Fülöpp (<a href="http://vacilando.org" target="_blank">vacilando.org</a>) wrote:<br>
>>>>>>><br>
>>>>>>> Hi,<br>
>>>>>>><br>
>>>>>>> Is there a backdoor way to force admin login if everything fails?<br>
>>>>>>> Something like the way $update_free_access is changed to TRUE to allow<br>
>>>>>>> running update.php....?<br>
>>>>>>><br>
>>>>>>> A client got locked out of D6.15 completely, including admin. Login<br>
>>>>>>> seems to work (I see admin only links on logon), cookies are set, but only<br>
>>>>>>> on the initial page.... any subsequent click is treated as done by an<br>
>>>>>>> anonymous user (checked the watchdog this way). I've cleared all browser<br>
>>>>>>> caches, Drupal caches via the db, also the Drupal sessions table, checked<br>
>>>>>>> the cookie domain, the admin user record exists in the user table, etc. in<br>
>>>>>>> settings.php, deleted and re-uploaded D6.15. Nothing in the php logs.<br>
>>>>>>> Nothing unusual in watchdog - just access denied by anonymous... Spent an<br>
>>>>>>> equivalent of a day on this but I know there is a ton of things I can still<br>
>>>>>>> try - e.g. rebuild access rights. But I do need to log in first, only by<br>
>>>>>>> myself. So... is there a way to force admin login? Cannot find this info<br>
>>>>>>> anywhere.<br>
>>>>>>><br>
>>>>>>> Thanks!<br>
>>>>>>><br>
>>>>>>> Tomáš<br>
>>>>>>><br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>> --<br>
>>>>> Randy Fay<br>
>>>>> Drupal Development, troubleshooting, and debugging<br>
>>>>> <a href="mailto:randy@randyfay.com">randy@randyfay.com</a><br>
>>>>> +1 970.462.7450<br>
>>>>><br>
>>>>><br>
>>>><br>
>>><br>
>><br>
><br>
><br>
<br>
<br>
<br>
</div></div><font color="#888888">--<br>
Greg Knaddison | 303-800-5623 | <a href="http://growingventuresolutions.com" target="_blank">http://growingventuresolutions.com</a><br>
Mastering Drupal - <a href="http://www.masteringdrupal.com" target="_blank">http://www.masteringdrupal.com</a><br>
</font></blockquote></div><br>