The first time a user logs in and returns to an authenticated page, they incorrectly receive an access denied error. If they refresh, the access denied error goes away and they can access everything appropriately. This was first reported here:
http://drupal.org/comment/reply/991922/6146630#comment-4926604
The source of this issue is likely a result of changes in the hook ordering in D7. In D7 there are a multitude of things that run before hook_init(), and one of those is the menu access callback function which determines user access. When the page is refreshed, the user has access because by that point the user is saved in the session and the menu access callback passes. I ran into this same issue with Cosign module, which you can look to for reference:
http://drupal.org/node/1540268
The fix is to move the login functionality from hook_init() into hook_menu_get_item_alter().
I will create a patch.
Comment | File | Size | Author |
---|---|---|---|
#1 | webserver_auth-fix_access_denied_first-page-1903896-0.patch | 1.64 KB | kevinchampion |
Comments
Comment #1
kevinchampion CreditAttribution: kevinchampion commentedI don't have a test environment to actually verify this bug or test that this patch fixes it, so it will require testing and (probably) modification.
Nevertheless, here's a patch that *should* fix it.
Comment #2
specky_rum CreditAttribution: specky_rum commentedCool, thanks! Will check this out asap and get back to you...
Comment #3
xiaoruoruo CreditAttribution: xiaoruoruo commentedworks for me, thanks!
Comment #4
specky_rum CreditAttribution: specky_rum commentedWorks for me too, I'm just having trouble committing it! Will get it up asap.
Comment #5
specky_rum CreditAttribution: specky_rum commentedThis is now committed and included in the official release.