Download & Extend
Webserver authentication » Issues

"login" never occurs

Posted by ronnqvist on April 20, 2007 at 4:06pm
Project:Webserver authentication
Version:6.x-1.x-dev
Component:Code
Category:bug report
Priority:normal
Assigned:Unassigned
Status:needs review

Issue Summary

I've noticed that there's never any "login" event marked in the log when using webserver_auth, only logout in case the user pushed that link. This also means trouble if you're using a module utilising hook_user('login'), since the 'login' event never occurs.

(I'm using a patched version for Drupal 5: http://drupal.org/node/109576 )

Login or register to post comments

Comments

#1

Posted by xamanu on September 3, 2008 at 9:32pm
Version:master» 5.x-0.0

still doesn't work.
is there a reason for that?
i'd need to use that. would you accept a patch?

#2

Posted by xamanu on September 4, 2008 at 3:22pm

ok. probably we dont want to do this because it would run on every users click, right.

#3

Posted by Paul Kishimoto on September 21, 2008 at 7:54pm

@xamanu: I'm not sure. The 6.x version checks if the user has an ongoing session; if so they are not logged in again. Thus a first page load could be a "login" event; and the remainder would NOT. Also, the fact that webserver_auth 5.x doesn't log the event doesn't mean that the hook isn't fired. An easy way to check this would be to write your own very basic module with an implementation of hook_user('login') that prints some junk via drupal_set_message().

Some background: I wrote the 6.x-1.x branch, which is a substantial rewrite of the module, so I'm not too familiar with the 5.x code.

So, some questions:

  • Can you upgrade to 6.x? If you're lazy, little sympathy. If you're waiting for a port of a crucial module, lots of sympathy.
  • Is this actually against 5.x-0.0? Have you tested with 5.x-1.x-dev?
  • What are you trying to do via hook_user('login')?

#4

Posted by xamanu on November 17, 2009 at 12:25pm
Status:active» closed (fixed)

thanks for your help. this was solved a long time ago. sorry for not closing this. doing it now.

#5

Posted by cpliakas on March 14, 2011 at 6:11pm
Version:5.x-0.0» 6.x-1.x-dev
Status:closed (fixed)» active

I am reopening this issue because I can confirm that the login operation never occurs in the current 6.x stable version of the module. See the attached screenshots where I dsm()'ed the $op variable in a hook_user implementation when logging in via HTTP authentication. Looking through webserver_auth_init(), the two functions that are used in authentication, user_external_load() and user_external_login_register(), never invoke the login operation for hook_user().

Thanks,
Chris

AttachmentSize
webserver-auth-login-1.png 99.81 KB
webserver-auth-login-2.png 30.94 KB

#6

Posted by cpliakas on March 14, 2011 at 6:28pm
Status:active» needs review

The attached patch attempts the solve the issue, and the login operation is invoked correctly in most cases. The theory of the patch is that if a user is logging in, they won't have a valid session stored in the sessions table. The edge case is if the user logs out via whatever SSO system is being used then logs in again shortly thereafter before the Drupal session expires, the hook won't be invoked when the user revisits the Drupal site. Since it is likely that the user will log out without Drupal knowing it, this is a definitely possibility and probably unavoidable.

Thanks,
Chris

AttachmentSize
webserver_auth-137919-6.patch 1.5 KB

#7

Posted by cpliakas on March 17, 2011 at 3:13pm

Same patch, but fixed a typo in a comment.

AttachmentSize
webserver_auth-137919-7.patch 1.5 KB
nobody click here