Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
On sites served by https, the session cookie starts with "SSESS" because of Drupal\Core\Session\SessionConfiguration::getName().
drupalUserIsLoggedIn only checks for cookies starting with "SESS".
Proposed resolution
Allow cookies starting with SESS and SSESS.
Note we can't test this on drupal.org because DrupalCI does not offer https testing.
Remaining tasks
Fix it.
Comment | File | Size | Author |
---|---|---|---|
#8 | 3078676-8.patch | 653 bytes | chr.fritsch |
#2 | 3078676.patch | 657 bytes | chr.fritsch |
Comments
Comment #2
chr.fritschHere is a patch to fix it.
Comment #3
alexpottThis looks untestable on DrupalCI but the change makes sense.
Comment #4
mtodor CreditAttribution: mtodor at Thunder commentedThis looks good to me. Regex is simple and easy to understand, so I would keep it as it is.
I have also tested with
HTTPS
andHTTP
and it works in both cases.Good job in finding this and fixing it!
Should we also fix this in 8.8.x?
Comment #5
justafishThe change also makes sense to me, but I think that regex will match for SSESS anywhere. How about
^S?SESS
instead.Comment #6
alexpottGreat catch @justafish - https://regex101.com/r/gZPVSH/4 vs https://regex101.com/r/gZPVSH/3
Comment #7
alexpottAnd now with @justafish's suggested regex - https://regex101.com/r/gZPVSH/5 - works great.
Comment #8
chr.fritschNice. Here is the updated patch.
Comment #9
mtodor CreditAttribution: mtodor at Thunder commentedGood catch @justafish, I didn't notice missing parentheses. :(
I have tested this again and it works.
Comment #10
alexpottCommitted and pushed ffce54ecc7 to 8.8.x and b4b3f327ec to 8.7.x. Thanks!