When you create a user account through the "/user/register" endpoint, you no longer get an authenticated account with a valid session cookie. This is a change from Services 7.x-3.3.

Is this intended behavior or an unintentional bug?


@lhridley can you provide a patch with test that fails if user is not logged-in after registering a user?

Status:Active» Closed (cannot reproduce)

I'm going to close this issue for now. I set up a clean drupal install and was unable to duplicate this problem so it is most likely another module that is installed on the site we're developing that is interfering. If I manage to track the problem down, I'll reopen.

Status:Closed (cannot reproduce)» Active

Same issue. I tried to register a user through user/register endpoint using chrome Postman tool, and response shows that a user is created successfully, then i refresh the page, it gives a message: "Registration successful. You are now logged in." , but actually not.

Category:bug» support

I looked into the code and found that it will not result in a logged in session unless your resouse $controller['callback'] contains the string "login" or "logout". For example the register call back is '_user_resource_create' and if you change it to '_user_resource_create_login' or 'login_user_resource_create' or even '_usloginer_resource_create', the new created account will log in.

function _services_controller_execute_preserve_user_switch_anonymous($controller) {
services_set_server_info('original_user', $user);
$preserve_session = strpos($controller['callback'], 'login') === FALSE && strpos($controller['callback'], 'logout') === FALSE;
services_set_server_info('preserve_session', $preserve_session);
  if (
$preserve_session) {
$original_session_state = drupal_save_session();
services_set_server_info('original_session_state', $original_session_state);
$user = drupal_anonymous_user();
$user->timestamp = time();

Version:7.x-3.x-dev» 7.x-3.7
Issue summary:View changes

Noticed this as well. With reference to _services_controller_execute_preserve_user_switch_anonymous, if I comment out:

$preserve_session = strpos($controller['callback'], 'login') === FALSE && strpos($controller['callback'], 'logout') === FALSE;

and replace it with:

$preserve_session = FALSE;

the user does get logged in on registration. Wondering what the rationale is for this behaviour and whether it could be changed?