Hello,
I am not certain if this is an issue for the client or the server. We upgraded the SSO server module to the newest version yesterday; since then we have had 1 minor error with a Drupal 6 client website (the module was not updated, it was already using 6.x-1.6). Therefore I believe the error is on the client side. Note that multiple Drupal 7 client installs function perfectly with the new server module version.
You can test this error for yourself by registering with our Drupal 6 website as a normal community user: www.quax.at/user. As soon as you register or update your profile remotely from the Drupal 6 client website, you are logged out of the Drupal 6 site.
www.quax.at runs on Drupal 6 with $cookie_domain commented out in settings.php. The login cookie that is created uses "www.quax.at" (in addition to other irrelevant cookies). I remain logged in properly until I click to edit my account on the remote Drupal 7 server (http://community.quax.at - currently it is only used for central user management). It does not matter if I remotely save the profile or cancel; I am still logged out of the client site immediately.
The error is also reproduced when I log in to the Drupal 6 client site and then visit the Drupal 7 server site directly in a new tab and log in. Refreshing the Drupal 6 client browser tab shows me as logged out.
Last facet, our Drupal 6 client functions as a multisite in one regard. We have a subdomain set up that uses the Drupal 6 client (http://.quax.at). When I log in to the subdomain and re-test the above scenarios, the cookie for the subdomain is properly managed and I stay logged in.
Therefore I believe that the cookie rules are conflicting, and I believe it is specific to the fact that www.quax.at is the base domain - and not a subdomain.
Any help is appreciated. Thank you.
Comments
Comment #1
jjchinquist
Can anyone give any tips on how to backport changes from the D7 installation? I would like to get this taken care of and get a patch updated.
Comment #2
ckristo commented
Duplicate of this bug: [#1649178: Session Cookie overwritten from D6 client]. For solution, see comment #1.