Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By verbal@drupal.org on
Ok I've been searching the forums for about an hour now and cant find this answers so if this is a double post, I apologize. Just post a link to the other one and I'll be on my way.
I'm working with drupal 5.0 beta 1 (apache 2 / php 5.2 / mysql 5.0(I think) ). The problem sounded exactly similar to this persons problem: http://drupal.org/node/98056 where login does work, but if I try to click on anything that requires admin rights I get access denied. the post suggested a patch for it in the session.inc file, but in 5.0 beta 1 this seems to have already been done.
Here is the detective work I've done so far other wise scroll to the bottom for my question:
I checked the sessions table using this query:
SELECT * FROM sessions s ORDER BY timestamp desc;
the result set:
uid, sid, hostname, timestamp, chache, session
--------------------------------------------------------------------
0, '046888ba6047d042f60ce0abd6375951', '127.0.0.1', 1164554529, 0, ''
0, '7717bd64c9c1293c8fbc5e4f3b0f7777', '127.0.0.1', 1164553889, 0, ''
0, '9c60dcae94cfd174d9439662a5a7e128', '127.0.0.1', 1164494659, 0, ''
0, 'ac41107741cdc8e35d65f5fb8c58a9fa', '127.0.0.1', 1164493967, 0, ''
0, '46bd8205701ede4382ce71189ec2b99a', '127.0.0.1', 1164493730, 0, ''
0, '1d0d4fb6c8fbadded714186d63d2cfe5', '127.0.0.1', 1164493229, 0, ''
now because they are ordered descending the most recent one is on top so I looked at my cookies in firefox and sure enough my sessionID was 046888ba6047d042f60ce0abd6375951 which maches the first one there. So I went back to session.inc and looked at the code where I found this line:
// Otherwise, if the session is still active, we have a record of the client's session in the database.
$user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key));
I used that code and replaced my sessionID in for sid and came up with this query:
SELECT u.*, s.* FROM users u INNER JOIN sessions s ON u.uid = s.uid WHERE s.sid = '046888ba6047d042f60ce0abd6375951'
which returned this:
uid, name, pass, mail, mode, sort, threshold, theme, signature, created, access, login, status, timezone, language, picture, init, data, uid, sid, hostname, timestamp, cache, session
----------------------------------------------------------------------------------------
0, '', '', '', 0, 0, 0, '', '', 0, 0, 0, 0, '', '', '', '', '', 0, '046888ba6047d042f60ce0abd6375951', '127.0.0.1', 1164554529, 0, ''
now I then looked at the next block that would be run in the session.inc:
// We found the client's session record and they are an authenticated user
if ($user && $user->uid > 0) {
...
}
// We didn't find the client's record (session has expired), or they are an anonymous user.
else {
$user = drupal_anonymous_user($user->session);
}
The problem is the query is returning uid 0 which will make the logic go to the else clause and anonymous access to be given instead of authenticated access.
So my question is, why is the uid 0 being stored in the sessions table if i'm trying to login as the root user with uid 1??
Any ideas??
Comments
Refer to this thread for
Refer to this thread for discussion of this issue: http://drupal.org/node/20397
Session handling
See this issue: http://drupal.org/node/93945
It has been fixed in the Drupal 5 development branch.
--
The Manual | Troubleshooting FAQ | Tips for posting | How to report a security issue.
I was able to fix it, I
I was able to fix it, I posted my soution in that thread I mentioned above. Also, this problem has been fixed all together in beta2, so anyone else having a similar issue, upgrade from beta1 to beta2