Summary

Aegir provision creates an aegir.services.yml file that does not properly add all domain aliases related to site to cookie_domain. This breaks the ability to create a session and nobody is able to login.

Removing the files and configuration that creates this file is the solution previously concluded below.

History:

This issue was fixed and previous code was reverted in #3066538: Cookie subdomains missing first part of subdomain for non-subdirectory sites on https://www.drupal.org/commitlog/commit/4646/211c2ffbf8c3949e6ac3d61a3b8...
and
https://www.drupal.org/commitlog/commit/4646/211c2ffbf8c3949e6ac3d61a3b8...

But these commits were sitting in a potentially related issue branch that was not linked #3066146: Automatically spawn a Verify task for parent on subdir site installation and has not been merged.

Resolution:

Cherry pick the commits into the 3.18.x branch and tag and release ASAP before people start upgrading and blowing up logins :)

CommentFileSizeAuthor
#2 3102849-2-remove-aegir-services-yml.diff3.55 KBphilosurfer
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

philosurfer created an issue. See original summary.

philosurfer’s picture

philosurfer CreditAttribution: philosurfer commented
FileSize
3102849-2-remove-aegir-services-yml.diff3.55 KB

Attaching cherry picked patch.

Jon Pugh’s picture

Jon Pugh
he/him
Primary language English
Location New Windsor NY
CreditAttribution: Jon Pugh at DevShop Support for Department of Veterans Affairs commented
Priority: Major » Critical
Status: Active » Needs review
ac’s picture

ac
Primary language English
Location Perth
CreditAttribution: ac commented

Patch applies and solves issue. This really needs to be committed and released as it breaks lots of sites.

ac’s picture

ac
Primary language English
Location Perth
CreditAttribution: ac commented
Status: Needs review » Reviewed & tested by the community
colan’s picture

colan
he/him
Primary language English
Location Toronto 🇨🇦
CreditAttribution: colan at Consensus Enterprises, Colan Schwartz Consulting commented
Status: Reviewed & tested by the community » Fixed

I went to apply this and the changes seemed to already be there. As per the repository graph, this indeed seems to be the case. So it looks like this did in fact get merged in somewhere recently.

In any case, it doesn't appear to be included in the last release, but as it's now in 7.x-3.x, it will be included in the next one. I added it to the "Must have" list at #3087029: [meta] Aegir 3.19.x release.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

ac’s picture

ac
Primary language English
Location Perth
CreditAttribution: ac commented

This issue seems to still be present in the latest release

colan’s picture

colan
he/him
Primary language English
Location Toronto 🇨🇦
CreditAttribution: colan at Consensus Enterprises commented

It's in the dev branch; it's just that #3087029: [meta] Aegir 3.19.x release isn't out yet.

ac’s picture

ac
Primary language English
Location Perth
CreditAttribution: ac commented

Can it not go into the 3.18.x branch too so this stops happening every release?

colan’s picture

colan
he/him
Primary language English
Location Toronto 🇨🇦
CreditAttribution: colan at Consensus Enterprises for Health Canada - HPFB commented

The latest release was only a patch one to update core; nothing else got in.