I have discovered problem with mixed mode session. When mixed mode enabled:
$conf['https'] = TRUE;
we should have same session for secure and insecure pages (https and http) but it does not works and starts new anonymous session instead.
Test environment:
clean Drupal 7.28 (no contrib installed), PHP 5.3.10, Ubuntu 12.04 (server and client), any browser
Ways to reproduce:
1. Add next lines to your settings.php:
$conf['https'] = TRUE;
2. open incesure user login page (http:///user)
3. Login
4. Open any site page under SSL (https://)
5. Open any insecure page again

Expecting to be logged in with same session for secure and insecure pages.
Happend instead - new anonymous session started for secure and insecure pages.

CommentFileSizeAuthor
#1 mixed_mode_session-2283711-0.patch799 bytesd.olaresko

Comments

d.olaresko’s picture

d.olaresko commented
StatusFileSize
new mixed_mode_session-2283711-0.patch799 bytes

Patch added

d.olaresko’s picture

d.olaresko commented
Issue summary: View changes
morgan_jennevret’s picture

morgan_jennevret commented

I've been having the same problem as you dolar4ik. But want to avoid patching core.
Now I think I have solved the issue with the help of https://www.drupal.org/node/1050746#comment-5194462

Try having your login page on https, and keep $conf['https'] = TRUE;
That did it for me.

waqarit’s picture

waqarit commented

https://www.drupal.org/files/issues/mixed_mode_session-2283711-0.patch this patch working fine on Drupal 7.52

amit0212’s picture

amit0212 commented

Patch

Status: Active » Closed (outdated)

Automatically closed because Drupal 7 security and bugfix support has ended as of 5 January 2025. If the issue verifiably applies to later versions, please reopen with details and update the version.