My question is similar to this:
Protected node not redirecting
except for the fact that the redirection process works fine when a user is logged in.
On the contrary, when an anonymous user tries to see a protected page, the page doesn't redirect properly.
here's the example: the culprit in action
(the password is "uuu").
I followed the suggestions for the above mentioned issue and tried some inspection in the module code without success.
the module is untouched and here follows the list of installed modules:
protected_node
rules
devel
mimemail
visitors
captcha
taxonomy_menu
statistics
token
simplenews
ckeditor
admin_menu
views
multiblock
i18n
gtranslate
ctools
cck
bbcode
simplenews_content_selection
Any suggestions?
regards,
R.
Comments
Comment #1
AlexisWilke commentedI went to your page and it didn't work, indeed. I can see a session identifier which makes me think that the session cookies are working just fine. However, when I enter the password and click OK, it comes back. This is the expected behavior when the password is accepted by somehow the page doesn't get unlocked.
I use the module on that site with the most famous top secret password: password1
http://gallery.m2osw.com/another-form-which-protected
As you can see it opens...
I use a similar set of modules as you, only I never use the devel or admin_menu. You could try to remove them and see whether you still have the problem. I really don't see why any other one would generate a problem otherwise.
Let me know whether these modules interfere and removing them fixes the problem.
Thank you.
Alexis Wilke
Comment #2
rikis commentedThanx very much for the reply!
I tried to deactivate all caches and following your directions uninstalled the modules devel and admin_menu (which I guess shouldn't matter as they are relevant only for the administrator) but the problem still remains.
Next days I'm setting up some dummy drupal installation and start checking for any problem or incompatibility step by step.
Meanwhile, if you happen to have some spare time you could lead me to try some modification in the code: I am a decent php programmer, even if I am still a novice when speaking about Drupal.
PS. could it be that the i18 module makes trouble with its translation sets?
R.
Comment #3
AlexisWilke commentedYes. i18n, if I recall properly, will eventually redirect you from one page to another. That could be a problem. But if you try to remove it, I'm afraid it could hurt your data!
Now testing with another install would be a good idea and create a page that has the same set of translation like the one you directed us to in this issue. That way you would replicate the problem exactly.
Anyway, if you can look at the code, the protected_node.module has a protected_node_init() function that checks whether the node is (still) locked. It calls the protected_node_is_locked() function for that purpose.
In that is locked function we check a session variable:
If that session variable never gets set, then the module will always prevent access to that node. Some other module could prevent the variable form getting set. This is done in the redirect functions which are found in:
protected_node/protected_node.redirect.inc
The very function setting the _SESSION variable is protected_node_enterpassword_submit(). The function just before that validates the data.
What you can do to check that it does (or not) go in those functions is use a watchdog() call. The drupal_set_message() may work too, although that does not always work as expected.
watchdog('rikis', 'validating...', array(), WATCHDOG_WARNING);
You may use WATCHDOG_ERROR as well. Then those messages will appear in your logs so you can see whether an expected code path is taken or not. For example, the validation may run properly but then someone else redirects the user in some way which means the user ends up back on the same password page because it has not been in the protected_node_enterpassword_submit() function and thus never got a chance to set the _SESSION variable.
Thank you.
Alexis
Comment #4
rikis commentedYour post was clear and the tips very precious, exactly what I was looking for!
As I cannot leave out the i18 module, after I check some dummy installation if it really is the one causing the ruckus I'll try to see what can I do.
Next days I'm digging in and hopefully post the outcome of my efforts...
Again thank you very much for your time and useful help!
Comment #5
rikis commentedI finally got the explanation: no module was creating conflicts. The reason was that in my Drupal Installation there was no user with uid "0" (the Anonymous user) in the table "users".
While debugging I noticed that every time the page was changing the SESSION variables were always cleared.
After some research I read in some post that's standard Drupal behavior: it links the $_SESSION variables to the uid in the users table. If there is no such entry for the Anonymous user (uid 0) the Sessions variables (or some of them?) are overwritten (cleared ?) while accessing pages.
After adding a record for the Anonymous user everything went ok and the module now works as expected.
Thanx for the support and help!
R.