Each time I log into my website, I receive an "Access Denied, you are not authorized to view this page" error. I then log in again with exactly the same credentials, and am authorised.

When I look in the logs, I get "Session opened for user.name" for both attempts.

In the drupal.sessions table, I have two entries:
- First entry has SID populated
- Second entry has SID and SSID populated with the same value

I am running on HTTPS and am using the Secure Pages (with the intent that every page is HTTPS).
Cookie domain is ".mywebsite.com"

Same behaviour on IE and Chrome.

Comments

John_B’s picture

This looks like a secure pages bug. You could look around the issue queue. Maybe this one is relevant https://www.drupal.org/node/1545970. Unfortunately the module has no stable release and no recent release, so you are probably going to have to patch it.

I am running on HTTPS and am using the Secure Pages (with the intent that every page is HTTPS).

OK. I cannot imagine why anyone would want to do that, rather than simply setting up an https virtual host and redirecting all traffic to it. but surely you have your reasons.

Digit Professionals specialising in Drupal, WordPress & CiviCRM support for publishers in non-profit and related sectors