Hi guys :)

I've been working on integrating the Flag module with my site and have been having some problems with printing views containing flags for anonymous users. With the following code in my page.tpl.php, I've noticed that the SID is incrementing on every page load, only for anonymous users:

<?php
  // Debug output for anonymous visitors only (uid 0).
  if ($user->uid == 0) {
    print "Hello, anonymous! ";
    print "It's " . date('H:i:s', time()) . " now. ";
    // Session API id that Flag uses to identify this anonymous visitor.
    print "Your SID is " . flag_get_sid() . " ";
    print "and you've bookmarked " . flag_load('planner_items')->get_user_count(0, flag_get_sid()) . " nodes.";
  }
?>

I've also found the same problem in 6.x 1.x.dev.

Is this the intended functionality? Is there another way of identifying an anonymous user?

Thank you for your time,
Josh

Comment | File | Size | Author
#5 | cookie_domain.diff | 566 bytes | mooffie

Comments

mooffie’s picture

Subscribe.

(I'm a co-maintainer of Flag and I'd appreciate any help with this problem.)

jhedstrom’s picture

I'm actively developing a project with the Domain User Default module, and not seeing this issue. I haven't had time to test it with Flag, but looking at the code in flag_get_sid(), it is using the identical API function that domain user default uses.

mooffie’s picture

Priority: Major » Critical

Another user has encountered this bug.

We managed to trace the cause to the use of $cookie_domain.

mooffie’s picture

(I too can see the bug now. Opera is immune to it, but when I switch to Firefox I see it.)

mooffie’s picture

Status: Active » Needs review
Status: new | Size: 566 bytes

Here's the patch. Explanation:

$cookie_domain is only valid on this condition(s)...

  // Per RFC 2109, cookie domains must contain at least one dot other than the
  // first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain.

...this comment is taken from Drupal's conf_init() (in Drupal 7 it was renamed to drupal_settings_initialize()).

Now, the problem is that Session API doesn't check that the above conditions are met. So in case the host is "localhost", it uses an invalid cookie domain (".localhost") in the setcookie() call.

The patch fixes this by picking up the cookie domain Drupal eventually uses.
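
An added example, not part of the original thread and not Session API's or Drupal's own code: one way to apply the rule from the quoted conf_init() comment before a cookie domain reaches setcookie(). The function names and the sample hosts are hypothetical.

```php
<?php
// Added illustration; these helpers are hypothetical, not Session API functions.

/**
 * Normalise a host into a candidate cookie domain: drop surrounding dots,
 * a leading "www." and any port, then prefix a single dot.
 */
function example_candidate_domain($host) {
  $domain = trim(strtolower(trim($host)), '.');
  if (strpos($domain, 'www.') === 0) {
    $domain = substr($domain, 4);
  }
  $parts = explode(':', $domain);
  return '.' . $parts[0];
}

/**
 * Return the domain to hand to setcookie(), or '' for a host-only cookie.
 * Rule from the quoted comment: the domain needs at least one dot other
 * than the first, and must not be an IP address.
 */
function example_cookie_domain($host) {
  $domain = example_candidate_domain($host);
  $bare = substr($domain, 1);
  $has_inner_dot = strpos($bare, '.') !== FALSE;
  $is_ip = filter_var($bare, FILTER_VALIDATE_IP) !== FALSE;
  return ($has_inner_dot && !$is_ip) ? $domain : '';
}

// Constructed sample hosts, as they might arrive in $_SERVER['HTTP_HOST'].
$hosts = array(
  'localhost',
  'localhost:8080',
  '127.0.0.1',
  'www.example.com',
  'shop.example.com:8443',
  '[::1]:8080',
);

foreach ($hosts as $host) {
  // "unchecked" is what reaches setcookie() when the rule is skipped.
  $unchecked = example_candidate_domain($host);
  $checked = example_cookie_domain($host);
  printf("%-24s unchecked=%-20s checked=%s\n", $host, $unchecked,
    $checked === '' ? '(host-only cookie)' : $checked);
}
```

An empty domain argument makes setcookie() issue a host-only cookie, which is the safe fallback for "localhost" and IP-address hosts.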

jhedstrom’s picture

Version: 6.x-1.3 » 7.x-1.x-dev
Status: Needs review » Patch (to be ported)

Thanks for tracking this down. Committed to dev.

jhedstrom’s picture

Status: Patch (to be ported) » Fixed

Fixed in 7 as well. I've tagged new releases for both 6 and 7.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

ju.ri’s picture

Status: Closed (fixed) » Active

Hello,

I have this exact problem on Drupal 6 with flags and anonymous users. If I upgrade to any version later than 1.2, the SID is bumped on every page load and the cookie "session_api_session" changes on every page load. Even if a PHP Session is created (-->no-cache), I still have the same problem (if the user is "anonymous"). For logged-in users all is fine.
So basically anonymous flagging does not work with session_api > version 1.2.
This is with Pantheon/Pressflow and Varnish, latest stable flag.module.
I hope it's ok to reopen this issue.

ju.ri’s picture

Status: Active » Closed (fixed)

This was actually a Varnish problem. Varnish removes any cookies from the request, if not configured otherwise.
I was able to solve this in my case by renaming the cookie from "session_api_session" to "SESSsessionapi" in session_api.module. This bypasses Varnish once the cookie is set, which is what we want in this case.

newtoid’s picture

Issue summary: View changes
Status: Closed (fixed) » Active
Issue tags: +I still see this issue

Hi, I am using the latest dev version of Session API and I am still experiencing this issue. I can flag content and then on refresh it is unflagged. I am also using Pantheon.

newtoid’s picture

Status: Active » Closed (works as designed)

OK, renaming the cookie worked. Could this be set somewhere in the API admin screen, so that the module doesn't need to be hacked?

Baber Javed’s picture

@david - how did you rename the cookie? Can you be more specific, as I am trying to achieve the same without any luck.