Session with empty session id "left behind" when logging in

PWG - August 12, 2009 - 09:18
Project: Services
Version: 6.x-0.15
Component: Code
Category: bug report
Priority: normal
Assigned: Unassigned
Status: active
Description

Hi,

I use Services and amfphp. When I log in via my flash app user.login it seems the session id is emptied in the anonymous session - but the session is still there - and then another, authenticated session is generated. Then, when I log out via user.logout, only the anonymous session with the empty sid remains.

Anyone have any idea why this could be?

PWG

#1

marcingy - August 13, 2009 - 02:53

This should be resolved in 6-x-2-dev. 6-x-0.15 was only released to deal with a specific security issue and is basically superseded by 6-x-2-dev.

#2

PWG - August 13, 2009 - 08:04

Great! Thanks, marcingy. So do you recommend me to switch to 6-x-2-dev? How stable would you say this version is?

Also, is there a list anywhere of the differences between 6.x-0.15 and 6-x-2-dev? The release notes do not say anything.

PWG

#3

marcingy - September 1, 2009 - 20:07
Status: active » closed

#4

PWG - October 3, 2009 - 11:31
Status: closed » active

Phew! This was a tricky one.

I'm still in 6.x-0.15. Since it is stable enough for my needs I figured I might as well stay there until the dev version becomes the recommended version to use.

However, then I'm still stuck with the problem described above, and I'm hoping someone could give me a hint to solve it.

Recap:
It seems there is a problem in the login function that makes the logout function not work. Or there might be a problem both in the login function AND in the logout function. My real problem is not being able to log out. If I log in and log out immediately - the logout function does not seem to do anything at all. If, instead, I log in, end the flash program and restart and THEN log out, I get this error:

session_encode(): Cannot encode non-existent session.

I figured the logout problem might stem from the login function not behaving as it should. When I log in via Services with a Flash client, the anonymous session, it seems, is turned into this:

uid: 87
session id: [null]
timestamp: [e.g. 1254543399]

and then a new session is created as well:

uid: 87
session id: [e.g. svg3fsv3s5wik1co86jggur8n64]
timestamp: [e.g. 1254881397]

However, when I log in directly on the Drupal site, the only thing that happens is that the anonymous session gets the correct uid and a new timestamp but keeps the same session id. In other words, no extra session record is added to the sessions table.

QUESTIONS: Is this how Services wants to behave? How do I fix this so that logging in via Services works as when logging in directly on the Drupal site? Is this problem connected to session_regenerate_id()?

Anyone have any idea? I'm tearing my hair over this.

#5

PWG - October 12, 2009 - 11:21

bump

 
 
