Users are authenticated despite cookie check failure.
buntstich - February 7, 2009 - 16:53
| Project: | Cookie Check |
| Version: | 6.x-1.0 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | buntstich |
| Status: | closed |
Jump to:
Description
i also have install the admin and admin dropdown menu. If the cookies are disabled in the browser and i try to login, the module display an error message - ok. The problem is, all menu items of the navigation menu display in the sidbar, without access.
#1
This may be an issue with one or more of the other modules you are using. They may be displaying menus when they should not.
#2
Evan I have enabled Global Redirect to didn`t show links if someone is not log in, but it`s show -only with this module.
Thanks
#3
I have this error on a clean installation, only then cookie check is enabled. Sorry to admin menu :l
#4
Yeah, I had this bug, too, but in D5. The cookie check validator is not killing the user session that is established by the core login validator, so admin menu properly assumes that you're logged in.
In D5, You can add something like this to cookie_check.module before the form_set_error call:
global $user;
if ($user->uid > 0) {
sess_destroy_uid($user->uid);
$user = drupal_anonymous_user();
}
Haven't checked the D6 api, but it's probably the same or similar.
#5
This error results from adding the validation callback at the end of the array. It needs to come before 'user_login_authenticate_validate' so that it can register an error, preventing user authentication.
#6
Committed a fix.
#7
Automatically closed -- issue fixed for 2 weeks with no activity.