Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I don't know if this is actually a bug or not, but here is the situation I have run into:
1) User logs in on Drupal site, main domain - persistent login keeps them logged into.
2) User goes to other sites, returns to Drupal site - is still logged in.
3) User goes to another website which has the original Drupal site embed via the use of an iFrame - user is logged out within the iFrame, and needs to re-login into the drupal site.
Has anyone else experienced something like this before?
Comments
Comment #1
markus_petrux CreditAttribution: markus_petrux commentedWhat happens with the PL cookie during 3? ...if before re-login within the iFrame, user visits main domain from another browser window? still logged in here, but not on the iFrame?
If the domain name (without subdomain) in parent window is not the same as the domain name (without subdomain) in the iFrame, could this be an issue caused by browser security rules?
PS: No stable release in HEAD, using 6.x-1.4-beta6?
Comment #2
markus_petrux CreditAttribution: markus_petrux commentedComment #3
newmediaist CreditAttribution: newmediaist commentedRe: Version number, correct - using 6.x-1.4-beta6
Regarding the question "if before re-login within the iFrame, user visits main domain from another browser window? still logged in here, but not on the iFrame?" - correct. The issue only occurs when accessing the site within an iFrame -
I first thought it may be a browser security issue as well, but I've seen this implemented on other sites (mostly social bookmarking sites where you log in on the main site, then use a javascript bookmarlet to open an iframe on an other site)
I don't know if I answered your question succesfully?
Comment #4
newmediaist CreditAttribution: newmediaist commentedAfter re-reading your response, I decided to investigate the browser security issue a little more.
It turns out the iFrame wasn't referencing the Drupal site with the WWW - i.e. domain.com v.s. www.domain.com - I had logged in on www.domain.com, hence the login not being persistent.
I added a rewrite rule to my webserver to automatically redirect all www.domain.com requests to domain.com to ensure the cookie is set for domain.com, and it seems to have fixed the issue - Thanks!
Comment #5
newmediaist CreditAttribution: newmediaist commented