Closed (works as designed)
Project:
IP Login
Version:
6.x-1.2
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
9 Feb 2009 at 18:01 UTC
Updated:
21 Jan 2010 at 13:07 UTC
The IP Login plugin wasn't letting people log out. I would click "log out", and it would log me out & log me in again. I noticed that my SESSxxxxxxxx cookie had a different value, so the $_SESSION variable was probably being reset too.
I fixed this in our install by modifying the IP Login plugin to set a session cookie instead of using the Drupal/PHP session. It's working fine.
I'm not sure if the session management was changed in Drupal core, or if anyone else is having this problem. Still, I thought I'd throw this out there. I can provide a patch if needed, but if were the only people with this problem for some reason, I'd rather not clutter up the patch list.
Comments
Comment #1
davidwhthomas commentedThis is actually a case of 'it's not a bug, it's a feature'
IP Login will log you in because you are accessing from the same IP address and that IP address will take precedence over user/pass authentication.
Feel free to patch your local install for your needs but I'm marking as by design.
Comment #2
csixty4 commentedYeah, our use case involves logging someone in as a generic content creator automatically, but then letting them log out and log in as a full-blown administrator if they need to.
I've got our local version patched, but I totally understand that we have different use cases.
Thanks!
Comment #3
gigimui commentedHi csixty4, my use case is similar to yours. Can you tell me which code you changed? Thanks!
Comment #4
tetramentis commentedFor the scenario of 'limited IP-based access with ability to login with username/password to get higher-level access' the http://drupal.org/project/ipAuthenticator module might be better. I'm having issues with it at the moment, but it does allow logging in (without even "logging out" from IP-authenticated account) with username/password.