Hi!

I have moved my drupal 4.7 site from server with PHP4 to server with PHP5. After repair the first big problem (http://drupal.org/node/164557) takes place the second big problem

Before of the events described below, I add the line $GLOBALS['tempUser'] = $user; in the index.php (http://drupal.org/node/6696#comment-198054)

And I delete cookies and truncate various tables of database (watchdog, session, cache, acceslog)

Login with admin user (ID=1) with all privileges. I can administer settings of the site (modules, taxonomy, blocks...) normally. I cannot create, delete or edit nodes. When I push "submit" or "delete" button, I automatically logout of the system and Drupal redirects me to "Acces denied" page.

Login with user 2. This user haven't administer permissions. I can create or edit nodes. I cannot delete nodes, happens the same thing: click "delete" and automatically logout and "Acces denied" page

With gallery module disabled the problem don't fix

What's the problem? Thx!

Comments

delineas’s picture

More about this

When I give permission of "administer nodes" to some user, the problem of logout and acces denied start for this user.

Ideas? Thanks!

budda’s picture

I've just had the very same experience with the different users and different actions causing an access denied message! It's quite frustrating. Have you made any progress since August?

catch’s picture

You need to update your site to the very latest release of 4.7.x - it has a fix for this.

budda’s picture

I've been applying security updates as they were released. Checking the latest 4.7.7 - what is the fix for this problem?

catch’s picture

It was in .5 or .6, don't remember details but it worked for me.

budda’s picture

Here's the fix! edit the includes/session.inc file and look for the function sess_read($key) { line. Then stick the register_shutdown_function('session_write_close'); just below as indicated in the example source snippet below.

 function sess_read($key) {
   global $user;
 
  // Write and Close handlers are called after destructing objects since PHP 5.0.5
  // Thus destructors can use sessions but session handler can't use objects.
  // So we are moving session closure before destructing objects.
  register_shutdown_function('session_write_close');

A patch file is available from http://drupal.org/files/issues/session_2.patch

--
Ixis (UK) providing Drupal consultancy and Drupal theme design.

jkirkwood’s picture

Many thanks to delineas for getting these issues together in one place, and to budda for giving the final piece to the jigsaw. This thread definitely fixed my issues (post PHP upgrade from 4 to 5 without notification from hosting company!).

'Working to make a difference' (work in progress - http://www.epnetwork.org)