Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By alexbern on
I'm fighting with a "secondary" login form for users who have to less privileges. I made up a custom module to provide a login-form for anon user – like logintoboggan - to improve access denied pages. This works well so far and should also be available to already logged-in users in case to authenticate to a higher privileged role. But this drives me in to nuts, and Drupal into a loop. As I figured out, one can’t call ‘user-login’ redirect twice a session.
I’ve created an own login-form but it won’t get processed.
The only solution might be to destroy the session first before calling user-login form again. Not very user-friendly I guess.
Any Ideas?
TiAdvance
Comments
With my own form I have to
With my own form I have to validate the new username, destroy old session, build new session with new uid and redirect to restricted area. This seems to be complicated since I have to rebuild Drupal's login process including Database queries. Makes it vulnerable?