I have a problem that I can see in my logs.

A user will log in successfully and then click a link to a page which will then display the access denied and ask them to log in again. If the user then logs in they will be able to see this page so I know it's not a permission issue.

Any ideas why the user has to log in twice?

Thanks

Comments

vlad.pavlovic’s picture

I am not able to reproduce this issue, can you give me a little more information? Do you have any other modules that may be conflicting with Nodeaccess? What version of Drupal are you running currently?

sphankin’s picture

Hi,

I worked out why it was happening - I think it might be a bug but I'm not sure.

Say for example I have a secure page: www.website.com/securepage.

When I create an link to that page once a user is already logged in, and use the whole address (http://www.website.com/securepage) the user is logged out and is asked to log back in.

If I create an link to that page but only use part of the address (/securepage) the user will remain logged in and be diverted to the page.

I'm running a range of different modules on Drupal version 7.20.

I'm happy getting around it but wondered whether it was a bug? If you can't reproduce it - it might just be me so feel free to close the issue.

vlad.pavlovic’s picture

Hmmm, I wonder if it's a cookie domain setting issue. Do you have any additional rewrite rules in apache that add or remove the www from your address?

sphankin’s picture

Hi, you're right! I do use a rewrite rules to remove www from the web address. Do you reckon that might be why?

vlad.pavlovic’s picture

I believe that it is. When you link to http://www.website.com/securepage the domain changes which invalidates the cookie when you are taken back to http://website.com/securepage.

Let me know if changing the cookie domain and/or your rewrite rule fixes your issue (just so I can close the issue here).

Thanks,

Vlad

vlad.pavlovic’s picture

Status: Active » Fixed

If this is still an issue and you believe that it's caused by nodeaccess please reopen the issue.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.