Query variables set incorrectly for ip_login_no_cache creating redirect loop

CommentFileSizeAuthor
#7 ip-login-redirect-loop-2204743-7.patch701 bytest-lo
#5 ip-login-redirect-loop-2204743-5.patch86.38 KBt-lo
#2 ip-login-redirect-loop-2204743-2.patch86.38 KBt-lo

Comments

t-lo’s picture

t-lo
Primary language English
Location Bristol, UK
commented

$url = url($url, array('query' => array('ip_login_no_cache=' . md5(time())), 'absolute' => TRUE));

Should be:

$url = url($url, array('query' => array('ip_login_no_cache' => md5(time())), 'absolute' => TRUE));

t-lo’s picture

t-lo
Primary language English
Location Bristol, UK
commented
StatusFileSize
new ip-login-redirect-loop-2204743-2.patch86.38 KB

Latest dev version is different but still incorrect:

$url = url($url, array('query' => 'ip_login_no_cache='.md5(time()), 'absolute' => TRUE));

Should be:

$url = url($url, array('query' => array('ip_login_no_cache' => md5(time())), 'absolute' => TRUE));

t-lo’s picture

t-lo
Primary language English
Location Bristol, UK
commented
Status: Active » Needs review

Status: Needs review » Needs work

The last submitted patch, 2: ip-login-redirect-loop-2204743-2.patch, failed testing.

t-lo’s picture

t-lo
Primary language English
Location Bristol, UK
commented
Status: Needs work » Needs review
StatusFileSize
new ip-login-redirect-loop-2204743-5.patch86.38 KB

Status: Needs review » Needs work

The last submitted patch, 5: ip-login-redirect-loop-2204743-5.patch, failed testing.

t-lo’s picture

t-lo
Primary language English
Location Bristol, UK
commented
Status: Needs work » Needs review
StatusFileSize
new ip-login-redirect-loop-2204743-7.patch701 bytes

was checking out the master branch, hopefully this one will pass :)

markpavlitski’s picture

markpavlitski commented
Title: Redirect loop when variable_get('cache', CACHE_DISABLED) != CACHE_DISABLED » Redirect loop when anonymous page caching is enabled
Assigned: t-lo » Unassigned
Status: Needs review » Needs work

The patch definitely fixes the redirect loop issue, however there can still be cache collisions if there are multiple requests arriving within 1 second.

I'd suggest using something which is session specific, like drupal_get_token() instead of md5(time()).

davidwhthomas’s picture

davidwhthomas commented
Status: Needs work » Fixed

Adjusted patch committed, thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.