Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Problem
Currently the code in session_limit_session_limit will redirect to session_limit_page whenever there is a collision. If the module is configured to automatically drop older sessions it the code to do so is executed and then drupal_goto() is called again redirecting the user too ... the front page. Because it's called w/ no paramaters and any ?destination that was previously set is wiped out by the previous call to drupal_goto() in session_limit_session_limit.
Proposed resolution
Move the code that handles auto dropping of session to session_limit_session_limit. This avoids the problem with loss of ?destination and means there is one less redirect necessary.
To test
You can see this problem in action by installing a module like login_destination and configuring session_limit to allow 1 session and automatically drop others. Then try and view a specific page like node/1 and click a link to login from that page that uses the ?destination paramater to redirect back to that page after login. (The login or signup to post comments link for example). If you're logged in in another browser your session in that browser will be dropped but you'll be redirected to the front page instead of back to node/1.
Attached patch implements the proposed solution.
Comments
Comment #1
deekayen CreditAttribution: deekayen commentedI don't really have a problem with the idea. Kind of just waiting for someone else to test it.
Comment #2
johnennew CreditAttribution: johnennew commentedSwitching to 7.x-2.x head to integrate there first.
I think this is along the right lines but I think the code needs to go into the end of function session_limit_invoke_session_limit. The problem with running a drupal_goto in a hook implementation is that the order of hooks are unpredictable, on some sites, the hooks implemented by other modules will fire before this one and the drupal_goto means this will be the last one. Also, rules integration and the removal of the dependency of the trigger module needs this to move to session_limit_invoke_session_limit as well #837962: Rules Integration (shift away from Trigger dependency)
New patch for review attached - I have tested this and also ensured compliance with the tests available in #2005782: Add SimpleTests.
If added, change to 6.x-2.x for the backport.
Comment #3
deekayen CreditAttribution: deekayen commentedThis didn't apply cleanly after I committed #837962: Rules Integration (shift away from Trigger dependency), but you should be able to fix it yourself now.
Comment #4
johnennew CreditAttribution: johnennew commentedRules integration patch modified some of the changes. New, clean patch attached ready for the testbot!
Comment #5
johnennew CreditAttribution: johnennew commentedTests pass - committing to 7.x-2.x and setting for backport to 6.x-2.x
Comment #6
johnennew CreditAttribution: johnennew commentedComment #7
johnennew CreditAttribution: johnennew commented6.x-2.x patch attached
Comment #8
johnennew CreditAttribution: johnennew commentedtests passed, all is well! Committed to 6.x-2.x