Reproducing 'login does not stick' error - what does an expert want me to do?
Good evening all. I'm running the latest 4.7 code (cvs up as of tonight). I have finally managed to reproduce a problem that several of my users have reported, and one that I see chatter on in the d.o forums. It is the/a problem where you log in with a valid username/password, you appear in the list of users that are on-line, but the login does not 'take' and you are given an access denied screen when redirected to path user/##. I have riddled session.inc with watchdog statements and am willing to install whatever code a core developer may want me to run to gather evidence. This is running to the development version of my site, so I have a lot of leeway on what I can install. I can authenticate and create new sessions just fine in FF 2.0. IE7, running on the same physical box, will not complete the authentication. From my watchdog logs I see that the session is being regenerated as part of processing the login form. The new session id is written to the database, then sess_close() is called, then the page continues loading and creates a new session for an anonymous user. From reading the d.o forums I gather this problem may have continued into D5 RC 1, but it was not clear if it was fixed in the final version. If one of you is looking for information on this problem, I think I'm in a position to provide it. Scott
Zohar Stolar wrote:
Scott McLewin wrote:
I'm running the latest 4.7 code (cvs up as of tonight). I have finally managed to reproduce a problem that several of my users have reported, and one that I see chatter on in the d.o forums. It is the/a problem where you log in with a valid username/password, you appear in the list of users that are on-line, but the login does not 'take' and you are given an access denied screen when redirected to path user/##.
I can authenticate and create new sessions just fine in FF 2.0. IE7, running on the same physical box, will not complete the authentication.
I had the same problem and couldn't find enough documentation or hints in D.O. forums.
Finally, after spending lots of time on finding a solution, I found an ugly hack. Yep, When one hasn't the time needed for a good solution, one finds ugly hack and hopes the problem disappear in the next release :-[ .
My observation was that IE ignores the cookies sometimes, regardless of the privacy settings. What I did was to:
<uglyHack>
Through sites/default/settings.php and .htaccess, I forced the URL to always redirect to http://mysite.com (no www)
</uglyHack>
Then people stopped calling me for that problem...
I know this solution might offend certain core developers, but I beg for mercy, as I really needed a quick solution :-(
Drupal.org is doing that for years, so it can't be that bad. :p Cheers, Gerhard
On Thursday 25 January 2007 15:15, Scott McLewin wrote:
From reading the d.o forums I gather this problem may have continued into D5 RC 1, but it was not clear if it was fixed in the final version.
Hello Scott: Apparently, it has not been fixed, though I am not sure what follows is related to what you are talking. I just ran into this problem when updating from RC1 or 2 to today's DRUPAL-5. That code had been added in between (#28): http://drupal.org/node/108663#comment-178040 Here's the solution I have adopted (#55): http://drupal.org/node/108663#comment-184698 Augustin. P.s. A note to Zohar Stolar who replied in this thread: can you please NOT use HTML emails but plain text only? Thanks. -- http://www.wechange.org/ Because we and the world need to change. http://www.reuniting.info/ Intimate Relationships, peace and harmony in the couple.
It looks like the extra code was added to settings.php in the latest security release of 4.7.6. Thanks to those responsible! - Alan On 1/25/07, Augustin (Beginner) <drupal.beginner@wechange.org> wrote:
On Thursday 25 January 2007 15:15, Scott McLewin wrote:
From reading the d.o forums I gather this problem may have continued into D5 RC 1, but it was not clear if it was fixed in the final version.
Hello Scott:
Apparently, it has not been fixed, though I am not sure what follows is related to what you are talking.
I just ran into this problem when updating from RC1 or 2 to today's DRUPAL-5. That code had been added in between (#28): http://drupal.org/node/108663#comment-178040
Here's the solution I have adopted (#55): http://drupal.org/node/108663#comment-184698
-- Alan Dixon, Web Developer http://alan.g.dixon.googlepages.com/
participants (5)
-
Alan Dixon -
Augustin (Beginner) -
Gerhard Killesreiter -
Scott McLewin -
Zohar Stolar