"login" never occurs [#137919]

I've noticed that there's never any "login" event marked in the log when using webserver_auth, only logout in case the user pushed that link. This also means trouble if you're using a module utilising hook_user('login'), since the 'login' event never occurs.

(I'm using a patched version for Drupal 5: http://drupal.org/node/109576 )

Comment	File	Size	Author
#7	webserver_auth-137919-7.patch	1.5 KB	cpliakas
#6	webserver_auth-137919-6.patch	1.5 KB	cpliakas
#5	webserver-auth-login-1.png	99.81 KB	cpliakas
#5	webserver-auth-login-2.png	30.94 KB	cpliakas

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

xamanu CreditAttribution: xamanu commented 3 September 2008 at 21:32

Version:

master

» 5.x-0.0

still doesn't work.
is there a reason for that?
i'd need to use that. would you accept a patch?

Comment #2

xamanu CreditAttribution: xamanu commented 4 September 2008 at 15:22

ok. probably we dont want to do this because it would run on every users click, right.

Comment #3

Paul Natsuo Kishimoto CreditAttribution: Paul Natsuo Kishimoto commented 21 September 2008 at 19:54

@xamanu: I'm not sure. The 6.x version checks if the user has an ongoing session; if so they are not logged in again. Thus a first page load could be a "login" event; and the remainder would NOT. Also, the fact that webserver_auth 5.x doesn't log the event doesn't mean that the hook isn't fired. An easy way to check this would be to write your own very basic module with an implementation of hook_user('login') that prints some junk via drupal_set_message().

Some background: I wrote the 6.x-1.x branch, which is a substantial rewrite of the module, so I'm not too familiar with the 5.x code.

So, some questions:

Can you upgrade to 6.x? If you're lazy, little sympathy. If you're waiting for a port of a crucial module, lots of sympathy.
Is this actually against 5.x-0.0? Have you tested with 5.x-1.x-dev?
What are you trying to do via hook_user('login')?

Comment #4

xamanu CreditAttribution: xamanu commented 17 November 2009 at 12:25

Status:

Active

» Closed (fixed)

thanks for your help. this was solved a long time ago. sorry for not closing this. doing it now.

Comment #5

cpliakas CreditAttribution: cpliakas commented 14 March 2011 at 18:11

Version:	5.x-0.0	» 6.x-1.x-dev
Status:	Closed (fixed)	» Active

File	Size
webserver-auth-login-2.png	30.94 KB
webserver-auth-login-1.png	99.81 KB

I am reopening this issue because I can confirm that the login operation never occurs in the current 6.x stable version of the module. See the attached screenshots where I dsm()'ed the $op variable in a hook_user implementation when logging in via HTTP authentication. Looking through webserver_auth_init(), the two functions that are used in authentication, user_external_load() and user_external_login_register(), never invoke the login operation for hook_user().

Thanks,
Chris

Comment #6

cpliakas CreditAttribution: cpliakas commented 14 March 2011 at 18:28

Status:

Active

» Needs review

File	Size
webserver_auth-137919-6.patch	1.5 KB

The attached patch attempts the solve the issue, and the login operation is invoked correctly in most cases. The theory of the patch is that if a user is logging in, they won't have a valid session stored in the sessions table. The edge case is if the user logs out via whatever SSO system is being used then logs in again shortly thereafter before the Drupal session expires, the hook won't be invoked when the user revisits the Drupal site. Since it is likely that the user will log out without Drupal knowing it, this is a definitely possibility and probably unavoidable.

Thanks,
Chris