Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I've noticed that there's never any "login" event marked in the log when using webserver_auth, only logout in case the user pushed that link. This also means trouble if you're using a module utilising hook_user('login'), since the 'login' event never occurs.
(I'm using a patched version for Drupal 5: http://drupal.org/node/109576 )
Comment | File | Size | Author |
---|---|---|---|
#7 | webserver_auth-137919-7.patch | 1.5 KB | cpliakas |
#6 | webserver_auth-137919-6.patch | 1.5 KB | cpliakas |
#5 | webserver-auth-login-1.png | 99.81 KB | cpliakas |
#5 | webserver-auth-login-2.png | 30.94 KB | cpliakas |
Comments
Comment #1
xamanu CreditAttribution: xamanu commentedstill doesn't work.
is there a reason for that?
i'd need to use that. would you accept a patch?
Comment #2
xamanu CreditAttribution: xamanu commentedok. probably we dont want to do this because it would run on every users click, right.
Comment #3
Paul Natsuo Kishimoto CreditAttribution: Paul Natsuo Kishimoto commented@xamanu: I'm not sure. The 6.x version checks if the user has an ongoing session; if so they are not logged in again. Thus a first page load could be a "login" event; and the remainder would NOT. Also, the fact that webserver_auth 5.x doesn't log the event doesn't mean that the hook isn't fired. An easy way to check this would be to write your own very basic module with an implementation of hook_user('login') that prints some junk via
drupal_set_message()
.Some background: I wrote the 6.x-1.x branch, which is a substantial rewrite of the module, so I'm not too familiar with the 5.x code.
So, some questions:
Comment #4
xamanu CreditAttribution: xamanu commentedthanks for your help. this was solved a long time ago. sorry for not closing this. doing it now.
Comment #5
cpliakas CreditAttribution: cpliakas commentedI am reopening this issue because I can confirm that the login operation never occurs in the current 6.x stable version of the module. See the attached screenshots where I dsm()'ed the $op variable in a hook_user implementation when logging in via HTTP authentication. Looking through webserver_auth_init(), the two functions that are used in authentication, user_external_load() and user_external_login_register(), never invoke the login operation for hook_user().
Thanks,
Chris
Comment #6
cpliakas CreditAttribution: cpliakas commentedThe attached patch attempts the solve the issue, and the login operation is invoked correctly in most cases. The theory of the patch is that if a user is logging in, they won't have a valid session stored in the sessions table. The edge case is if the user logs out via whatever SSO system is being used then logs in again shortly thereafter before the Drupal session expires, the hook won't be invoked when the user revisits the Drupal site. Since it is likely that the user will log out without Drupal knowing it, this is a definitely possibility and probably unavoidable.
Thanks,
Chris
Comment #7
cpliakas CreditAttribution: cpliakas commentedSame patch, but fixed a typo in a comment.
Comment #8
gaards CreditAttribution: gaards commentedClosed because Drupal 6 is no longer supported. If the issue verifiably applies to later versions, please reopen with details and update the version.