The module does not work correctly when module "secure pages" is enabled.
Masquerade table always saves current session id as sid, but if current user is using https, session_id() returns ssid, not sid.
As result correct masquerade data is not loaded then for the new user if he is not using https, also masquerade records are being deleted by cron as they don't match sid from sessions table.

Comments

bugster’s picture

bugster CreditAttribution: bugster commented 
function masquerade_cron() {
  // see http://drupal.org/node/268487 before modifying this query
  $subquery = db_select('sessions', 's');
  if( ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) )
	$subquery->addField('s', 'ssid');
  else
  	$subquery->addField('s', 'sid');

  $query = db_delete('masquerade');
  $query->condition('sid', $subquery, 'NOT IN');
  
  $query->execute();
}

I guess this will fix it

deekayen’s picture

deekayen CreditAttribution: deekayen commented
Status: Active » Closed (duplicate)

While not exactly duplicate, this should be resolved when #1926074: Remove {masquerade} table and rely on session flag only is committed.