Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Although this module seems to be compatible with Pressflow for the most part, there are certain use cases where it is not. For example, if I log in with Webserver Auth and a call to drupal_goto() happens somewhere in the application, the user will be seen as anonymous user on the page they end up on.
The reason for this is that Pressflow does not start sessions for anonymous users. Webserver Auth correctly sets the global $user object, however drupal_goto() calls the drupal_session_commit() function which is where the problem occurs. That code tests if a session is active, and if it isn't then starts one by calling drupal_session_start(). Drupal's session handling functions test if a valid cookie exists, and if not sets the global $user object to an anonymous user thus overwriting the information set by Webserver Auth.
If you refresh the page everything is fine because a valid cookie has been set on the previous page and the global $user object is no longer overwritten with an anonymous user object in Drupal's session handling functions. I recognize that this is an edge case, but I'm sure it will bite someone else at one point or another.
Thanks,
Chris
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | webserver_auth-1097938-2.patch | 1.16 KB | cpliakas |
| #1 | webserver_auth-1097938-1.patch | 1.12 KB | cpliakas |
Comments
Comment #1
cpliakas CreditAttribution: cpliakas commentedThe attached patch fixes the issue for the use case noted above and has no effect on non-Pressflow sites. In normal Drupal installations a session is started for anonymous users, in which case the conditional in the patch will never evaluate to TRUE. Therefore the module will work as it currently does. In Pressflow installations, the code in the patch starts the session before Webserver Auth sets the global $user object so it won't be overwritten with an anonymous object when the session is saved later on.
Thanks,
Chris
Comment #2
cpliakas CreditAttribution: cpliakas commentedApparently the drupal_session_*() functions are Pressflow only, so I re-rolled the patch to avoid fatal errors in non-Pressflow installations. Also for reference, the CAS module experienced issues with Pressflow and committed a similar fix at http://drupal.org/node/1086748#comment-4192052.
Thanks,
Chris
Comment #3
gaards CreditAttribution: gaards commentedClosed because Drupal 6 is no longer supported. If the issue verifiably applies to later versions, please reopen with details and update the version.