Incompatibility problem with module implementing hook_user('login')
fgm - February 24, 2009 - 17:46
| Project: | Secure Site |
| Version: | 6.x-2.2 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
Description
I just ran into a compatibility problem with a module of mine, which uses hook_boot() to set up an SPL autoloader for some external code.
The problem lies in that _securesite_user_login(), which is triggered (indirectly) from securesite_boot, invokes user_authenticate_finalize(), which in turn invokes hook_login and therefore causes other modules' hook_login implementation to run, BEFORE their own hook_boot implementation, causing this type of problem.
An easy workaround is to set the module weight of securesite to 1 more than any other module implementing this hook, so maybe it should be done upon install (which wouldn't work for other modules installed later), or even simply documented.
#1
Try this patch.
#2
As a workaround, it looks fine. You could also save some code by just invoking securesite_update_6201() from securesite_enable(), since this is exactly the same code, inlined.
However, IMHO this does not really solve the issue, which is dependence on the login step during the boot step for the same session. If another module implements a similar system, it is likely that they will trip on each other.
Considering the role of Secure Site, maybe this can't be avoided, but then maybe it would be better in that case to have two independent loads be performed, one of them being minimal (emulated ?), and rolling just the S.S. login, and the other completing the normal login sequence with all hooks being fired normally. That way, the login/boot dependency loop could be opened. Just an idea...
#3
It may be a bug for modules to assume that log-in will only occur after boot is complete. However, I will look into to this more.