When Drupal is using http and https, and session limit is in drop mode, when the max session limit is hit, Session Limit drops the wrong number of sessions. This is because with https, a logged in user holds two browser sessions for Drupal's single session. Drupal stores this as two rows in the sessions table which Session Limit currently considers each row a single Drupal session, which is true in http only mode.

The patch attached simply rewrites the database queries to made by session limit to the session table to ensure it considers a http and https row in the sessions table, for the same session, as a single session.

CommentFileSizeAuthor
#4 session_limit-mixed_https_mode_issues-1495150-7506645.patch6.29 KBjohnennew
#2 session_limit-mixed_https_mode_issues-1495150-5801604.patch3.3 KBjohnennew
7.x-session_limit-mixed-https-support.patch7 KBJosh Waihi
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

deekayen’s picture

deekayen CreditAttribution: deekayen commented
Status: Active » Needs work

Looks like your patch is mixed with some scmp jmeter stuff.

johnennew’s picture

johnennew CreditAttribution: johnennew commented
Version: 7.x-2.0-beta2 » 7.x-2.x-dev
Status: Needs work » Needs review
FileSize
session_limit-mixed_https_mode_issues-1495150-5801604.patch3.3 KB

Cleaned up patch attached.

johnennew’s picture

johnennew CreditAttribution: johnennew commented
Version: 7.x-2.x-dev » 6.x-2.x-dev
Status: Needs review » Active

Tests pass, adding to 7.x-2.x. Setting to 6.x-2.x for the backport.

johnennew’s picture

johnennew CreditAttribution: johnennew commented
Status: Active » Needs review
FileSize
session_limit-mixed_https_mode_issues-1495150-7506645.patch6.29 KB

D6 6.x-2.x patch attached.

johnennew’s picture

johnennew CreditAttribution: johnennew commented
Status: Needs review » Fixed

Tests passed, committing to 6.x-2.x

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.