After recently switching a site using the nodejs module to SSL (via an nginx SSL termination proxy, if that matters), our nodejs functionality mysteriously stopped working. I narrowed it down to this function in nodejs.module:
function nodejs_auth_check_callback($auth_token) {
return db_query("SELECT uid FROM {sessions} WHERE MD5(sid) = :auth_key", array(':auth_key' => $auth_token))->fetchField();
}
Returning null, where it should be returning a uid. After digging into the DB, I found that my secure sessions were being stored in the 'ssid' column, rather than the 'sid' column. If I hack the code to:
function nodejs_auth_check_callback($auth_token) {
return db_query("SELECT uid FROM {sessions} WHERE MD5(sid) = :auth_key OR MD5(ssid) = :auth_key", array(':auth_key' => $auth_token))->fetchField();
}
It seems to work. Patch coming in first comment, but really looking for feedback on whether or not this was a good approach, or if my setup is just wrong (i.e. this should be a support request).
Comment | File | Size | Author |
---|---|---|---|
#1 | nodejs-ssl_session_id_matching-1893342-1.patch | 572 bytes | obrienmd |
Comments
Comment #1
obrienmd CreditAttribution: obrienmd commentedTrivial-but-possibly-super-misguided patch, as promised :)
Comment #2
SocialNicheGuru CreditAttribution: SocialNicheGuru commentedComment #4
Anonymous (not verified) CreditAttribution: Anonymous commentedthanks!