I don't have a lot of details here, but some users are visiting our slave site and getting sent to bakery/login on our master site, where they receive an access denied message because they are actually logged in on the master site.

I personally have not been able to recreate it, but this is my best guess because it could cause the observed behaviour:

  1. The user visits the master site and gets bakery cookies and a session.
  2. The bakery cookie expires somehow. When they visit the slave directly, the slave thinks they are not logged in and they're directed to the master site.
  3. When they get there, the 'user_is_anonymous' access callback sees them with a logged-in session and denies access to the bakery login page.

I'm not sure of the best solution in terms of bakery's design, but one possible solution would be to remove the access callback on the master and adjust bakery_login() to redirect to the slave if there is a slave cookie. Attached is a patch that tries to do that. Not really tested much yet.

Note: I know it to be possible for things like persistent_login to cause this by logging the user in during hook_init/boot, which will interact poorly with bakery. We do have that enabled and are looking for a solution (though the reported cases have not been caused by this). I believe this might help those modules out as well.

Attached file: bakery_login_weirdness.patch (1.59 KB), author: neclimdul

Comments

Jeroen:

I think you can reproduce the problem by logging out of the slave site (this deletes the CHOCOLATECHIP cookie and the slave session, but the master session cookie is untouched).

The CHOCOLATECHIP cookie is gone now, so no auto-login will occur. When trying to log in with username/password, it redirects to the master and I think it gets confused because there is a session cookie for you. So basically you're trying to re-login to master while there already is a cookie for the master.

As soon as you delete the Master session cookie (manually or by logging out of master) one can log in with username/password again from the slave.

coltrane:

Status: Active » Closed (duplicate)

This issue is the same as the recently created #1945936: "Access denied to /bakery/login after logged out from slave when still logged in to master", so I'm closing this one as a duplicate. The patch here should be considered and reviewed as a fix.

Jeroen:

Could it be that I had to paste in the changes manually to try this one out? It can't be automatically applied to 7.x-2.x.

brandy.brown:

Tried the initially submitted patch. No change in behavior.

My workaround: create a rule that when a user logs out they are redirected to the master site's user/logout page. Then the user is logged out of both and once they log back in they can access the slave site.