Contrib.social

Drupal 9.2's change to session handling is not compatible with this module

Open on Drupal.org β†’
Created on 4 January 2021, over 4 years ago
Updated 14 May 2024, 12 months ago

Problem/Motivation

[copied from dup issue #3295347]

We noticed that sometimes logins via CAS fail. You end up on the frontpage without being logged in. Then if you try it again, it usually succeeds.

This is caused because CasUserManager::login() calls $this->session->getId(). Since 9.2, Drupal core uses lazy sessions and relies on PHP to generate the session ID. The call to getId() causes Drupal to generate the session ID itself, however this can contain characters that are invalid in a session ID (underscores for example). This session ID fails the check in Symfony's NativeSessionStorage::start() and a new session ID is created. Therefore you are not logged in.

Proposed resolution

As indicated by the change record β†’ , code should not use the session ID.

πŸ› Bug report
Status

Needs work

Version

2.0

Component

CAS

Created by

πŸ‡ΊπŸ‡ΈUnited States bkosborne New Jersey, USA

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024