After recently switching a site using the nodejs module to SSL (via an nginx SSL termination proxy, if that matters), our nodejs functionality mysteriously stopped working. I narrowed it down to this function in nodejs.module:

function nodejs_auth_check_callback($auth_token) {
  return db_query("SELECT uid FROM {sessions} WHERE MD5(sid) = :auth_key", array(':auth_key' => $auth_token))->fetchField();
}

Returning null, where it should be returning a uid. After digging into the DB, I found that my secure sessions were being stored in the 'ssid' column, rather than the 'sid' column. If I hack the code to:

function nodejs_auth_check_callback($auth_token) {
  return db_query("SELECT uid FROM {sessions} WHERE MD5(sid) = :auth_key OR MD5(ssid) = :auth_key", array(':auth_key' => $auth_token))->fetchField();
}

It seems to work. Patch coming in first comment, but really looking for feedback on whether or not this was a good approach, or if my setup is just wrong (i.e. this should be a support request).

CommentFileSizeAuthor
#1 nodejs-ssl_session_id_matching-1893342-1.patch572 bytesobrienmd
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

obrienmd’s picture

obrienmd CreditAttribution: obrienmd commented
FileSize
nodejs-ssl_session_id_matching-1893342-1.patch572 bytes

Trivial-but-possibly-super-misguided patch, as promised :)

SocialNicheGuru’s picture

SocialNicheGuru CreditAttribution: SocialNicheGuru commented
Issue summary: View changes
Status: Active » Needs review

  • Commit 5f613dd on 7.x-1.x by beejeebus: 
    #1893342 by obrienmd: check for ssid as well as sid when validating an...
Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
Status: Needs review » Fixed

thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.