Hi Annet, thank you for your response, I'll interleave my replies to your lines.
2009/5/13 Annet de Boer maiasaura@gmx.net:
Hi Francesco,
I'm not an expert on this subject, but I know there are several ways of authenticating users. Cookies can be disabled by browsers, so there are other ways (not necessarily better) like storing session ID's in URLs, for example. I don't know if the cookie gets stored on your proxy (but i believe this is possible, technically speaking)
I knew that other authentication methods were possible, my perplexity is about the fact that, as far as I know, Drupal relies on cookies alone, by default - and my test installations were plain, unmodified Drupal 6.10. Also, I've checked the URLs and no session ID appears there. My proxy must be definitely storing cookies for my connections.
isn't there an IT department or other system admin that can tell you more about that maybe (somebody who installed the proxy I mean)?
Unfortunately, I cannot rely on my ISP advice - I must cope with it because I knew in advance that the service was provided as-is, with no support whatsoever.
I assume once the host checks for cookies and none is found or is saved, they use a different method of authentication.
That's exactly what I thought in a first time, but taking the default behavior of Drupal for granted, I believe it relies on cookies alone.
Now the tests you did, in my eyes, seem a bit odd. Like, the normal behaviour would be to log out, before switching to a different connection, and also, your IP changes when you switch so it's not really strange that you get thrown out.
But actually my question is, what is exactly the case? In your first post it seemed the problem was you couldn't connect to several drupal sites when you use a proxy-connection, but on one you could and they were all the same drupal version? I'm not sure now. Can you be more specific on the exact question you have? Or maybe somebody else knows anything that might help?
Yes, all installations were plain 6.10 version. I'll re-expose the tests below, I'm not sure that I've fully explained them the first time.
I also remember there's an option in IE that says "bypass proxy for local addresses", now i don't know if the site where it works is 'local' for you, but if this option is checked maybe that could also make it work differently.
I do use that option in Firefox, actually, all local installations work perfectly, the problem appears only with (some) published sites.
Here are the test results exposed in another way:
| LP | LN | CP | CN | P>N | N>P | Drupal installed on: | NO | YES | N.A.| YES | N.A.| YES | toscana-offerte.com/drupal | YES | YES | NO | YES | NO | NO | frasic.altervista.org
Legend: LP - Can log in with proxy-connection LN - Can log in with normal-connection CP - Cookie gets set with proxy-connection CN - Cookie gets set with normal-connection P>N - Can keep logged in switching from proxy-connection to normal-connection N>P - Can keep logged in switching from normal-connection to proxy connection
Note: - on the first site, CP and P>N are "not applicable" because I cannot log in in first instance. - with "cookie gets set" I mean "gets set locally on my PC". I'm planning another test in order to check if my proxy server is storing cookies for me, more about that at the bottom of this message.
Actually, the above does not expose all the tests I did, hence I'm rearranging (a bit) the texts I've sent in my previous message - I'm also adding some suppositions in square brackets, all the points are plain facts, I've double checked them:
---------------------------- on frasic.altervista.org (and on other drupal installations on the same server):
A - I can log in with the proxy connection, no cookie gets set, I keep logged in [ I suppose the cookie gets set on the proxy server ]
B - I switch to the normal connection without logging out and I get thrown out [ I suppose that with normal connection, Drupal expects a cookie to be sent back from my PC, while with the proxy connection, it must be the proxy server the one who is sending it back ]
C - I log in with the normal connection, a session cookie gets set, I keep logged in [ that should be the normal behavior ]
D - I switch to the proxy connection without logging out and I get thrown out [ although there is a cookie in my PC in this very moment...]
E - I am not able to log in any more with the proxy connection if I don't delete the session cookie. Once deleted, I can log in again and keep logged in as usual. [ this must mean that the cookie does actually get sent to Drupal, but evidently it must be considered an invalid cookie ]
------------------------------------
on drupal.org or on toscana-offerte.com/drupal:
F - I can log in with the normal connection, a session cookie gets set and I keep logged in. [ just fine ]
G - I can switch to the proxy connection and keep logged in, but if I delete the session cookie I get thrown out again [ and just fine once again ]
-------------------
I think I'll do some tests more, I'll try to hack some core function in order to display the cookies it is using on the pages it will render. I'll get back here again once I'll be done with those tests.
I'll dig my way to find the right function to hack, I was about to ask for a pointer but I think it will be more instructive to find it by myself - this should help me understanding better the Drupal flow of calls.
Shall somebody be interested in deeper details about the proxy connection I'm using, please ask for them in a private message, I'm not comfortable disclosing such details in public.
Thank you all once again for your interest and your attention - and for your patience! I happen to be verbose and redundant at very least ;-)
Have good time, long life to Drupal Francesco