The problem arises when your users are browsing your drupal site for longer than the cookie expiry for vBulletin (roughly 900 seconds, I think). You could change the cookie expiry, of course, but because Drupal re-ups its expiry every time a page is loaded, both vBulletin and Drupal will get out of sync. To fix the problem, modify drupalvb.module to add the following lines at line #335 (the end of the switch statement in the drupalvb_user function):

    case 'load':
      return drupalvb_set_login_cookies($account->uid);
      break;

This essentially resets the vb cookie every time a drupal page is loaded with a user logged in.

Comments

kap316’s picture

I am having this very issue. But I dont know where to put the code.

Here is what my lines 330 - 370 looks like:

/**
* Validation handler for the password recovery form.
*
* Create a non-existent Drupal user if one with the requested username or mail
* exists in vB. Note that the user_pass form asks the user to enter a username
* OR email address in one form field internally called 'name'.
*
* @see user_pass_validate()
*/
function drupalvb_user_pass_validate($form_id, $form_values) {
$name = $form_values['name'];

// Return if the given user exists in Drupal.
if (user_load(array('name' => $name)) || user_load(array('mail' => $name))) {
return;
}

module_load_include('inc', 'drupalvb');

// Try to import a corresponding user from vB.
if ($userid = db_result(drupalvb_db_query("SELECT userid FROM {user} WHERE username = '%s' OR email = '%s'", drupalvb_htmlspecialchars($name), $name))) {
drupalvb_lookup_drupal_user($userid);

Do I put it somewhere in there? If not please give me a line to follow. Thanks!

kap316’s picture

Does anyone know how to fix this issue?

mcdruid’s picture

I'm afraid I'm not offering a fix, but would point out that the suggested code won't work for two reasons:

1) drupalvb_set_login_cookies($userid) expects a vB userid, and $account->uid is a Drupal uid. The two are most likely not the same thing, so you're likely to be setting a vB cookie for the wrong vB user.
2) hook_user() may be invoked with $op='load' for several different user accounts in the course of a normal Drupal request - e.g. to look up user pictures for commenters etc.. - not just the user who is currently logged in.

CoolBeans’s picture

Wouldn't it be as simple as:

case 'load':
return drupalvb_user_login($account);
break;

I can't test it but I would like to know if it works.

Cheers.

mcdruid’s picture

Coolbeans,

case 'load':
return drupalvb_user_login($account);
break;

addresses issue 1 in my comment #3 - as drupalvb_user_login looks up the $vbuser that corresponds to the Drupal $account before calling drupalvb_set_login_cookies($vbuser['userid']), but not my issue 2.

To ensure that you're only setting vb login cookies for the user who is logged into Drupal (and not other user accounts that might be loaded), I'd have thought you'd want to do something like:

case 'load':
  global $user;
  if ($account->uid == $user->uid) {
    return drupalvb_user_login($account);
  }
  break;

Personally, I think this seems very inefficient (a "sledgehammer to crack a nut") - I'd probably try to avoid setting up a whole new session and setting new cookies etc.. for vb on every Drupal request.

luketsimmons’s picture

Wouldn't this be a case of modifying vBulletin, ie where the session check is made to see if the user is still logged in?

So jump back to vBulletin and on page load during session check have a look in the Drupal session table to see if the session is still valid (and hasn't been garbage collected) and if so reinitiate the session for vB?

Obviously that means this becomes a problem within vBulletin code. I've not looked yet but do people agree with this? (then I might have a stab).

Thanks,
luke

apaderno’s picture

Issue summary: View changes
Status: Active » Closed (outdated)

I am closing this issue, as Drupal 6 is now not supported.