I don't know if this is actually a bug or not, but here is the situation I have run into:

1) User logs in on Drupal site, main domain - persistent login keeps them logged in.
2) User goes to other sites, returns to Drupal site - is still logged in.
3) User goes to another website which has the original Drupal site embedded via the use of an iFrame - user is logged out within the iFrame, and needs to re-login to the Drupal site.

Has anyone else experienced something like this before?

Comments

markus_petrux’s picture

Version: master » 6.x-1.4-beta6

What happens with the PL cookie during 3? ...if before re-login within the iFrame, user visits main domain from another browser window? still logged in here, but not on the iFrame?

If the domain name (without subdomain) in parent window is not the same as the domain name (without subdomain) in the iFrame, could this be an issue caused by browser security rules?

PS: No stable release in HEAD, using 6.x-1.4-beta6?

markus_petrux’s picture

Status: Active » Postponed (maintainer needs more info)
newmediaist’s picture

Re: Version number, correct - using 6.x-1.4-beta6

Regarding the question "if before re-login within the iFrame, user visits main domain from another browser window? still logged in here, but not on the iFrame?" - correct. The issue only occurs when accessing the site within an iFrame.

I first thought it may be a browser security issue as well, but I've seen this implemented on other sites (mostly social bookmarking sites where you log in on the main site, then use a JavaScript bookmarklet to open an iframe on another site).

I don't know if I answered your question successfully?

newmediaist’s picture

Status: Closed (fixed) » Postponed (maintainer needs more info)

After re-reading your response, I decided to investigate the browser security issue a little more.

It turns out the iFrame wasn't referencing the Drupal site with the WWW - i.e. domain.com vs. www.domain.com - I had logged in on www.domain.com, hence the login not being persistent.

I added a rewrite rule to my webserver to automatically redirect all www.domain.com requests to domain.com to ensure the cookie is set for domain.com, and it seems to have fixed the issue - Thanks!

newmediaist’s picture

Status: Postponed (maintainer needs more info) » Closed (fixed)
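
The host mismatch found in the last comments, as an added example that is not part of the original thread or of the Persistent Login module: a minimal model of RFC 6265 cookie storage and domain matching, assuming the login cookie was set without a Domain attribute. The cookie name and the helper functions are hypothetical.

```javascript
// RFC 6265 section 5.1.3 domain-match: the host is identical to the cookie
// domain, or ends with "." + domain and is not an IPv4 address.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  return host.endsWith("." + cookieDomain) && !/^[\d.]+$/.test(host);
}

// Model of how a browser stores a cookie from a Set-Cookie response.
// domainAttr is the Domain attribute value, or null when it is absent.
function storeCookie(responseHost, name, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, bound to the exact host.
    return { name, domain: responseHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A host may only set cookies for a domain it belongs to.
  if (!domainMatch(responseHost, domain)) return null;
  return { name, domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for requestHost?
function isSent(cookie, requestHost) {
  if (cookie === null) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Constructed scenarios; "PL_example" is a placeholder cookie name.
const scenarios = [
  ["login on www.domain.com, no Domain attribute", "www.domain.com", null],
  ["login on domain.com after www -> bare redirect", "domain.com", null],
  ["login on www.domain.com, Domain=domain.com", "www.domain.com", "domain.com"],
];

function describe(hosts) {
  return scenarios.map(([label, loginHost, domainAttr]) => {
    const cookie = storeCookie(loginHost, "PL_example", domainAttr);
    const sent = hosts.filter((h) => isSent(cookie, h));
    return `${label}: sent to [${sent.join(", ")}]`;
  });
}

// The iFrame in the thread loaded domain.com; the user logged in on www.domain.com.
describe(["www.domain.com", "domain.com"]).forEach((line) => console.log(line));
```

Only the first scenario withholds the cookie from the iFrame's `domain.com` request, which matches the behaviour reported before the redirect was added.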
