Problem/Motivation

With r4032login on a quite complex Pressflow-based site, we don't see the r4032login_display_denied_message on redirect to the login form.

Without digging much further I can't confirm exactly what the issue is. But one point about Pressflow is that it's much less likely to create (or indeed save) $_SESSION scopes: I think this in part helps it avoid creating SESSID cookies that prevent e.g. Varnish from working as a cacheing layer.

So unless session_write_close() is explicitly called (which notably drupal_goto() does towards the end), then exit() prevents it from being implicitly called as a registered shutdown function. As a result, then because drupal_set_message() uses $_SESSION as its storage mechanism, the message is lost.

Proposed resolution

The code suggests that header()/exit() is being used because "using drupal_goto() with destination set causes a recursive redirect loop". We can definitely repeat that; but instead of tackling it by using the lower-level PHP functions, we propose unset()ing $_REQUEST['destination'] as a less impactful way to break the loop.

I'll attach a simple patch to the first comment so we get the patch naming convention right.

Remaining tasks

Testing on standard Drupal 6, to ensure we still avoid any redirect loops.

User interface changes

None. This should be a completely transparent change.

API changes

None. This should be a completely transparent change.

This behaviour was also seen in Drupal 7, which I think implements better session handling than D6 (by copying Pressflow? that would explain a lot if so): #1102938: The custom message sent through the drupal_set_message does not display

Comments

jp.stacey’s picture

Status: Needs work » Needs review
StatusFileSize
new885 bytes

Patch attached for comments/testing.

jp.stacey’s picture

The patch above changes the syntax of the URL from user/login?destination=... to user/login?query=destination%2D.... This is because url() and drupal_goto() have subtle differences in their arguments.

Revised patch attached.

pwolanin’s picture

Priority: Normal » Major
Status: Needs review » Needs work

Looks like the code has changed in the module (patch needs a re-roll), but I think this is the right approach

pwolanin’s picture

Version: 6.x-1.4 » 6.x-1.x-dev
Status: Needs work » Fixed

This seems to already be fixed in the latest code in git.

maybe was this issue: #339120: Redirect issues

see e.g. http://drupalcode.org/project/r4032login.git/commitdiff/5607949?hp=f93b7...

pwolanin’s picture

Issue summary: View changes

adding an explanatory note to why it's significant that D7 might copy session management from Pressflow rather than D6

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.