Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.I suspect that this is in some way related to #442782: Limit the number of PL records in the database per user. If I log in with "Remember me" checked in one browser, then do the same in another browser, and finally return to the site in the first browser, I find that I have been logged out. It would seem that more than one PL session cannot exist at once, at least for me (user #1).
Looking at the database, it looks like a new "series" and "token" are generated with each login, and simply replace the existing series and token data for me. Oddly however, I do see one user with multiple entries. Any ideas why it would work for them and not for me?
Comments
Comment #1
danepowell commentedIt should be noted that I am logging in in conjunction with CAS, which could very well have something to do with it - see #384756: Compatibility with Persistent Login
Comment #2
markus_petrux commentedJust to confirm it might be related to CAS, could you please try disabling CAS and see if it happens to you using PL alone?
Comment #3
danepowell commentedI guess I should have done that right off :) It does seem to be specific to CAS. Traditional logins work fine across multiple browsers.
Is there anything else that CAS would need to do besides invoking hook_user(login) and setting
$edit['persistent_login'] = 1;?Comment #4
danepowell commentedAha- I have figured it out. CAS currently randomizes the user's password on every login. This is causing PL to destroy existing sessions. This behavior is supposed to change in the next release of CAS (#258909: Please do not randomize my password on every login). I have applied the patch in that issue to my site and it fixes this issue as well.
This isn't exactly a duplicate of that issue- I'll mark it as fixed and move it to the CAS queue for now.