In Drupal 7 /user is the login page, blocking with Apache blocks other /user paths

Comments & Activities

Issue created by @desierto
First commit to issue fork.
Merge request !1Issue #3381784: In Drupal 7 /user is the login page, blocking with Apache blocks other /user paths → (Open) created by malcomio
Comment 10 months ago →
🇬🇧United Kingdom malcomio
See https://git.drupalcode.org/project/disable_login/-/merge_requests/1
Status changed to Needs review 17 days ago5:23pm 24 June 2025
Comment 17 days ago →
🇮🇳India maneesha binish
maneesha binish → made their first commit to this issue’s fork.
Comment 17 days ago →
🇮🇳India maneesha binish
I have pushed a commit to the existing issue fork branch 3381784-in-drupal-7, which is already part of the active Merge Request !1.

The original patch in hook_menu_alter() correctly applied the disable_login_check_access() callback to both /user and /user/login. However, upon testing, I observed that an anonymous user who accessed the login page using the correct secret key was still unable to access /user, which is not the intended behavior.
I have updated the logic inside disable_login_check_access() to:

Allow logged-in users to access /user.

Restrict access for anonymous users unless the correct secret key is provided in the URL query string.

No .htaccess rules are required — handled entirely within Drupal’s access system.
Verified on a clean D7 site. No regressions observed.

Merge Requests