Background info: In building a new site from scratch, we have everything on a dev domain, master.dev.website.com, which is aliased in the sites/sites.php file to website.com. All was working well until we deployed to the staging server for testing, which would be website.com.
When users try to login on website.com, they can login just fine, and it sends them to /user/1 just fine, and is logged in. If you try to access /admin with the site admin, it says access denied. If you look in the source, the class "not-logged-in" is on the body( it says "logged-in" on the /user* pages). Additionally, the server being deployed to is in a completely different timezone, that is 7 hours ahead of the dev server. Would there be any timezone issues here that drupal cannot cope with for sessions? This doesn't really make sense to me if they are able to log in.
Tried:
- drush cc all
- Chrome incognito mode to eliminate old cookie/session issues
- find/replace dev domain with staging domain on the SQL dump
- hardcoding the baseurl in settings.php
- hardcoding the cookiedomain in settings.php
Any other ideas? I have a weird feeling this is cookie related or there is some kind of old cache stored in the sites/website.com/files directory that I am unaware of. Are there any obvious cookies aside from the session one that Drupal assigns?
Comments
Clean URL's
See if its a clean url's issue. Can you go to ?q=admin
Still Access Denied
All url's on the site work fine - its just an issue with where authenticated users can go. Right now, the only protected content they can see is /user
Solved
I have a feeling it was a clash with how the user logged in times were stored in the database when checking permissions. Its not being stored in UTC and referred to by the user's time.
Thanks!