Jump to:
| Project: | Shared Sign-On |
| Version: | 6.x-1.3 |
| Component: | Code |
| Category: | bug report |
| Priority: | minor |
| Assigned: | chastytilayne |
| Status: | active |
| Issue tags: | $_SESSION, array, authentification, infinite, loop, redirect, shared sign on |
Issue Summary
its a groovy module for sure. anyways. so got caught with this myself a week ago.
if you are logged in, everything is fine. but as anonymous user you get this infinite loop. google hated that.. i left it up for a day and a half cuz i didnt check the anonymous point of view. ouch for SERP whatever.
i think the bug is in this statement on line 96. of the .module file.
if (empty($_SESSION['singlesignon_prior_sid']) || $_SESSION['singlesignon_prior_sid'] != session_id())
anyways. so i am posting cuz for me at least it worked
i included my include_once'd out file with debug statements and a work around manually setting cookies. which works fine for me and my couple few sites that rely on this.
note, before i tried to merge my user base by sharing the users tables, etc. shared sign on was working fine.
i gave up on the user thing for now, due to above mentioned redirect loop and google unhappiness .. when i went back to seperate user bases, no shared tables, etc. i couldnt get shared sign on to work at all. if i goto the master site i can log in fine, and then goto the other sites.
ive read up on this here (d.org) and lotsa people seem to get this redirect happening.
fow what its worth.
please no flames. i realize that the code is not drupalish and all that good stuff. but maybe someone who knows arrays and the way drupal handles session variables can peep this
| Attachment | Size |
|---|---|
| singlesignon_sessioncheck.inc_.txt | 3.33 KB |
Comments
#1
oh, one more thing. about the array deal. thats just a guess. looking at the $_SESSION deal .. i am not sure of the syntax for set comparisons or whatever. i manually set and read a cookie in this function and it works.
$_SESSION['singlesignon_prior_sid'][] something in there? it occurs elsewhere in the module code, and when testing this the variable kept coming back empty. (see attached file for debug statements)
the first part of this if statement i dont get either.
the (if empty) part combined with or !=
it doesnt seem that if the session variable is empty there is anyway it could equal the session_id() either ..??
so i omitted it. if anyone sees that as a bad move please let me know.
or the setting my own cookie bit.
no editing bugs it looks like
sorry i am commenting on my own post.
and i know i talk too much
;)
#2
thanks... seems to work fine