The IP Login plugin wasn't letting people log out. I would click "log out", and it would log me out & log me in again. I noticed that my SESSxxxxxxxx cookie had a different value, so the $_SESSION variable was probably being reset too.

I fixed this in our install by modifying the IP Login plugin to set a session cookie instead of using the Drupal/PHP session. It's working fine.

I'm not sure if the session management was changed in Drupal core, or if anyone else is having this problem. Still, I thought I'd throw this out there. I can provide a patch if needed, but if were the only people with this problem for some reason, I'd rather not clutter up the patch list.

Comments

davidwhthomas’s picture

Status: Active » Closed (works as designed)

This is actually a case of 'it's not a bug, it's a feature'

IP Login will log you in because you are accessing from the same IP address and that IP address will take precedence over user/pass authentication.

Feel free to patch your local install for your needs but I'm marking as by design.

csixty4’s picture

Yeah, our use case involves logging someone in as a generic content creator automatically, but then letting them log out and log in as a full-blown administrator if they need to.

I've got our local version patched, but I totally understand that we have different use cases.

Thanks!

gigimui’s picture

Hi csixty4, my use case is similar to yours. Can you tell me which code you changed? Thanks!

tetramentis’s picture

For the scenario of 'limited IP-based access with ability to login with username/password to get higher-level access' the http://drupal.org/project/ipAuthenticator module might be better. I'm having issues with it at the moment, but it does allow logging in (without even "logging out" from IP-authenticated account) with username/password.