When you create a user account through the "/user/register" endpoint, you no longer get an authenticated account with a valid session cookie. This is a change from Services 7.x-3.3.

Is this intended behavior or an unintentional bug?

Comments

ygerasimov’s picture

@lhridley can you provide a patch with test that fails if user is not logged-in after registering a user?

lhridley’s picture

Status: Active » Closed (cannot reproduce)

I'm going to close this issue for now. I set up a clean drupal install and was unable to duplicate this problem so it is most likely another module that is installed on the site we're developing that is interfering. If I manage to track the problem down, I'll reopen.

edxxu’s picture

Status: Closed (cannot reproduce) » Active

Same issue. I tried to register a user through user/register endpoint using chrome Postman tool, and response shows that a user is created successfully, then i refresh the page, it gives a message: "Registration successful. You are now logged in." , but actually not.

marcingy’s picture

Category: bug » support
edxxu’s picture

I looked into the code and found that it will not result in a logged in session unless your resouse $controller['callback'] contains the string "login" or "logout". For example the register call back is '_user_resource_create' and if you change it to '_user_resource_create_login' or 'login_user_resource_create' or even '_usloginer_resource_create', the new created account will log in.

function _services_controller_execute_preserve_user_switch_anonymous($controller) {
  global $user;
  services_set_server_info('original_user', $user);

  $preserve_session = strpos($controller['callback'], 'login') === FALSE && strpos($controller['callback'], 'logout') === FALSE;
  services_set_server_info('preserve_session', $preserve_session);
  if ($preserve_session) {
    $original_session_state = drupal_save_session();
    services_set_server_info('original_session_state', $original_session_state);
    drupal_save_session(FALSE);
  }

  $user = drupal_anonymous_user();
  $user->timestamp = time();
}
yaworsk’s picture

Version: 7.x-3.x-dev » 7.x-3.7
Issue summary: View changes

Noticed this as well. With reference to _services_controller_execute_preserve_user_switch_anonymous, if I comment out:

$preserve_session = strpos($controller['callback'], 'login') === FALSE && strpos($controller['callback'], 'logout') === FALSE;

and replace it with:

$preserve_session = FALSE;

the user does get logged in on registration. Wondering what the rationale is for this behaviour and whether it could be changed?

kylebrowning’s picture

Status: Active » Closed (fixed)

Happy to see code that obliges registration, but not something I can take on at this time.

If you provide a patch, please re-open the issue as a feature request.