Users cannot log in with "Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'access user profiles' permission is required and the user must be active"

Created on 12 August 2021, about 4 years ago
Updated 19 January 2023, over 2 years ago

Problem/Motivation

Upgrading from Drupal 8.9.17 to Drupal 9.2.3
Unable to login either via /user/login or with the magic url from drush uli. Logs contain an error as follows:

Path: /user/1465604. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'access user profiles' permission is required and the user must be active. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 117 of /Users/localdev/hosts/localdev-www/web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

This message is erroneous in that the user IS logged and IS an admin.

Repro

I've started from production 8.9.17 and from there logged in as an admin on Firefox
Then, I've switched the branch to 9.2.3 code, did the usual database update, cache clear, config import, etc.

In Chrome, I point to the local URL and the website loads as expected (not logged in). Attempting either login via the normal /user/login URL or via the magic token from drush uli, I get the error described above

Back on the Firefox browser, I'm still able to load the website now with Drupal 9.2.3 and still logged in as the admin user.

💬 Support request
Status

Active

Version

9.5

Component
Base 

Last updated about 19 hours ago

Created by

🇺🇸United States TMWagner

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇺🇸United States twfahey

    Ran into this locally - I was using `drush uli` to jump into a local copy of the site. Just for context, I was using Docksal locally, my site was fully functional on Pantheon, no issues using `drush uli`, but `fin drush uli` (Docksal's implementation to run a drush command on my container) on my locally was sending me to an "Access denied" page - I cleared cookies for my local site, in this case `mysite.docksal.site`, and voila! I am back online. I understand this probably won't help a ton with an actual fix, but my primary hope here is to aid any future devs that might have found their way here, and offer a workaround solution.

  • 🇳🇱Netherlands florisg

    This is a really bad way of notifying the admin of permission errors, experienced the same today with group and domain access drupal 10 website.
    After configuring the permissions properly no more errors shown.

    Related #3213029 #3251815 #3168773 #3166208 #3166208

  • 🇮🇳India vipin.j

    We're facing this issue too with one of our Drupal 7 to Drupal 11.2.2 migrated production site.

    Locally there was no issue, all migration steps were executed well. Even for the same site, when it was migrated to UAT release we haven't notice this "Access denied" issue. But finally, when the UAT site is configured with production domain configuration with Apache, All of the site users including the Administrator, started facing the login issue as:

    Path: /user/admin?check_logged_in=1. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'access user profiles' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 114 of /[PATH]/web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

    After all possible tweaks with Apache site configuration, the issue haven't resolved. But when I checked the cookies in the browser (which is facing this issue), I found that there are two cookies with the same name exists in the list.

    If one session key name is edited and renamed, the site login allowed with no issue, but if the same renamed key is reverted, I again started facing the "Access denied" issue.

    Additionally, When I tried to login to the same site in a different browser where this site was never accessed, I faced no issue of "Access denied". Even if we try to login with Incognito mode, the login still works.

    So, same as #17, clearing the cookies solved the problem, but that is only for us. lots of our site users still facing the "Access denied" issue and we can't yet fix it, because we're still not sure its a Drupal Core issue or the cookie? as our other migrated site with the same Drupal version never faced this problem.

Production build 0.71.5 2024