Contrib.social

Duplicate session collision

Open on Drupal.org β†’
Created on 13 June 2014, almost 11 years ago
Updated 23 January 2025, 4 months ago

In testing for putting into production, we ran into inconsistent login results with this combination:

  • Duplicate Email setting: Don't allow duplicate email addresses, add new identity to the existing account and login
  • Using Facebook/Linkedin to log in to existing user accounts

We got three possible responses on an inconsistent, seemingly random basis:

  • User would authenticate through Facebook/Linkedin and be redirected back to the originating page with an error that the email address they are using already exists etc (expected, correct result).
  • User would authenticate through Facebook/Linkedin and be redirected back to the originating page. No errors or warnings. From a user experience standpoint, it was like nothing happened. Subsequent clicks of the Facebook/Linkedin links didn't yield any other result. Logs didn't show any errors and the user was not logged in.
  • User would authenticate through Facebook/Linkedin and be redirected back to the site, log in, and be shown a maintenance screen with error "Website encountered unexpected error." This error is found in the log:
    "PDOException: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'dOkIMP1VDNanVfMvRdlTBxmByLAdHQ-Y8wh-nBclyHY-ODmgOJIP4vSrFqa3H_nV' for key 'PRIMARY': UPDATE {sessions} SET sid=:db_update_placeholder_0, ssid=:db_update_placeholder_1 WHERE (ssid = :db_condition_placeholder_0) ; Array ( [:db_update_placeholder_0] => dOkIMP1VDNanVfMvRdlTBxmByLAdHQ-Y8wh-nBclyHY [:db_update_placeholder_1] => ODmgOJIP4vSrFqa3H_nVmtf7VDfsECDaaJl_p7o-WnU [:db_condition_placeholder_0] => TXw1fzAm_0JWfky21WM0bUnzLzWS65VjoXI8xunztpY ) in drupal_session_regenerate() (line 393 of /var/www/vhosts/.com/drupal-git/includes/session.inc)."

This pointed to session collisions...which eventually led us to try changing line 28 of hybridauth.pages.inc, replacing drupal_session_start with drupal_session_regenerate.

All of the above issues went away with the change. So I'm sharing our experience in case someone else has had this same problem, and to ask that the code change be considered for future releases.

Thanks for your plug in -- we tested similar other ones had found this one to be the most straightforward, easy to implement and flexible. I especially appreciate the documentation, which I found to be helpful not only for implementation, but also for learning how to get set up with the social network side of things. It helped a ton.

πŸ’¬ Support request
Status

Postponed: needs info

Version

2.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States JenniferRader

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States BBC Madison, WI

    I got a notification from Facebook this morning that my app was hanging/crashing on login. Found the same error that OP described and found that the suggestion to switch to drupal_session_regenerate() addressed the issue.

  • First commit to issue fork.
  • Comment 4 months ago β†’
    πŸ‡ΈπŸ‡°Slovakia durifal

    We had the same issue, most probably because we support mixed session mode (http and https). The suggestion with drupal_session_regenerate() works fine for us, so I have created a patch, in case anybody would need it.

  • Comment 4 months ago β†’
    πŸ‡¦πŸ‡ΉAustria klausi πŸ‡¦πŸ‡Ή Vienna

    Thanks, makes sense!

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024