I've been having a lot of issues with permissions after upgrading the PHP on my server. I have concluded that the issue is to do with securesite. I have made changes to my .htaccess according to the module's known issues but issues still arise.

For all cases where the module was enabled, authentication was set to always.

The first issue (before .htaccess modification) involved all permissions being lost, including for admin (user 1), as well as securesite redirecting to the login form for every page even after the initial login. The html login form was enabled, not html basic. I could not access the admin pages even to rebuild the permissions. The only way to get to the permissions was to first navigate to update.php, authenticate (get WSOD), and then finally navigate to the permissions rebuild page via url path to get in. There is a bug in there somewhere that depends on update.php in order to get into the admin page. After the permissions rebuild, permissions are restored.

I disabled the securesite module to see if it was the cause. After disabling the module and logging out I was able to log in with proper permissions without issue, and the administration menu was there too without requiring a refresh. Thus the cause is securesite.

Second issue (after modifying .htaccess). Only html basic was enabled and authentication was set to always. Upon login as admin again the administration menu did not appear on initial load. Subsequent refreshes did not cause the administration menu to appear. Only clicking "logout" caused the administration menu to appear, but it did not log out the user. I had to click logout a second time in order to log out. Additionally, when I clicked logout the html basic dialog box popped up - a bug I think.

Third issue (after modifying .htaccess). I switched from html basic authentication to html login form. Now upon login all permissions are lost again and it requires the same "update.php trick" in order to access admin pages to rebuild the permissions.

Does the server need to be restarted in order for the changes to .htaccess to take effect?

I think a bug lies within the html login form option as well as possibly html basic because the login dialog box appears even on logout. Clicking logout should not cause the administration menu to appear; a page refresh should do that in the worst case.

It appears this module is too buggy to use. I am trying to secure my website for closed-beta testing, but it seems one option or another will lead to either a buggy interface or total loss of permissions.

Has anyone experienced similar?

Comments

Stomper

Title: Multiple permissions issues » Multiple permissions issues / authentication required everywhere

Update:::

1)
It seems that if I use html basic authentication I can still access all non-admin pages without having to reauthenticate again, but if I navigate to an admin page I get "access denied", thus the permissions are still lost.

A page refresh does not cause the administration menu to appear (see issue http://drupal.org/node/876990) as it normally would if the bug did not exist. BUT if I click "logout" (path is website.com/logout), instead of logging me out immediately, it refreshes the page and THEN the administration menu appears. I need to hit "logout" twice in order to log out. When it does log out it displays the html basic login dialog box.

2)
If I use html login form, all admin permissions are lost like in the above case, but any page I navigate to, admin and non-admin, redirects to the login form and requires login. After reauthenticating, all permissions are still lost.

For the record, the PHP upgrade was from 5.1.6 to 5.2.17.

Prior to the upgrade, I was only running html login form - all permissions were unaffected and it only required one initial login. It is possibly a PHP issue but I have applied the .htaccess modification and restarted my server - problem persists.

Stomper

Update:::

Well, I've discovered another "bug." My "logout" technique to retrieve permissions only works after the first try. If I try the technique after I have cleared my browsing history, it will automatically go to logout - no permissions retrieved. But if I log in again, and do the "logout" technique a second time, it will "refresh" the page and retrieve admin permissions.

Very weird. I think it has something to do with browsers too - Firefox 3.6 by the way.

Stomper

Update 2::: Browser Compatibility

Just discovered while doing cross-browser testing that I am unable to log out using IE 8.0.6X even when trying to use the "logout" trick mentioned above (which works with Firefox 3.6).

The "permissions" and "logout" tricks discussed earlier also work fine with Google Chrome.