Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Profile2_regpath.module profile2_regpath_attach_profile_fields function lines 498 - 501:
// Attach custom confirmation message to form for later display.
if (isset($misc['confirmation_display'])) {
$_SESSION['profile2_regpath']['confirmation_message'] = $misc['confirmation_message'];
}
initializes session variable that is used in profile2_regpath_user_insert for drupal_set_message. Couldn't this be handled by fetching the type in profile2_regpath_user_insert or passed as a hidden value in form?
Creating unnecessary session cookie before user has made any other action than visiting the page invalidates reverse cache proxy result on all other page requests. Saving session cookie without consent is also forbidden in EU.
Comment | File | Size | Author |
---|---|---|---|
#1 | check_confirmation_display-1897570-1.patch | 789 bytes | kimwes |
Comments
Comment #1
kimwes CreditAttribution: kimwes commentedThis can be at least averted by fixing the check above that checks if confirmation_display is set.
Comment #2
grasmash CreditAttribution: grasmash commentedThanks! Committed to dev.
Comment #4
ufku CreditAttribution: ufku commentedThis is still active for 7.x-2.x-dev. I think the commit was reverted later.
The unnecessary session cookie is preventing varnish cache in our case.