Problem/Motivation
With r4032login on a quite complex Pressflow-based site, we don't see the r4032login_display_denied_message on redirect to the login form.
Without digging much further I can't confirm exactly what the issue is. But one point about Pressflow is that it's much less likely to create (or indeed save) $_SESSION scopes: I think this in part helps it avoid creating SESSID cookies that prevent e.g. Varnish from working as a cacheing layer.
So unless session_write_close() is explicitly called (which notably drupal_goto() does towards the end), then exit() prevents it from being implicitly called as a registered shutdown function. As a result, then because drupal_set_message() uses $_SESSION as its storage mechanism, the message is lost.
Proposed resolution
The code suggests that header()/exit() is being used because "using drupal_goto() with destination set causes a recursive redirect loop". We can definitely repeat that; but instead of tackling it by using the lower-level PHP functions, we propose unset()ing $_REQUEST['destination'] as a less impactful way to break the loop.
I'll attach a simple patch to the first comment so we get the patch naming convention right.
Remaining tasks
Testing on standard Drupal 6, to ensure we still avoid any redirect loops.
User interface changes
None. This should be a completely transparent change.
API changes
None. This should be a completely transparent change.
Related Issues
This behaviour was also seen in Drupal 7, which I think implements better session handling than D6 (by copying Pressflow? that would explain a lot if so): #1102938: The custom message sent through the drupal_set_message does not display
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | r4032login-pressflow-drupal_set_message-1995512-2.patch | 855 bytes | jp.stacey |
| #1 | r4032login-pressflow-drupal_set_message-1995512-1.patch | 885 bytes | jp.stacey |
Comments
Comment #1
jp.stacey commentedPatch attached for comments/testing.
Comment #2
jp.stacey commentedThe patch above changes the syntax of the URL from
user/login?destination=...touser/login?query=destination%2D.... This is becauseurl()anddrupal_goto()have subtle differences in their arguments.Revised patch attached.
Comment #3
pwolanin commentedLooks like the code has changed in the module (patch needs a re-roll), but I think this is the right approach
Comment #4
pwolanin commentedThis seems to already be fixed in the latest code in git.
maybe was this issue: #339120: Redirect issues
see e.g. http://drupalcode.org/project/r4032login.git/commitdiff/5607949?hp=f93b7...
Comment #4.0
pwolanin commentedadding an explanatory note to why it's significant that D7 might copy session management from Pressflow rather than D6