Invalid session on multi container app

Created on 4 August 2025, about 2 months ago

Problem/Motivation

I'm using the TFA module on a D10 site hosted on Pantheon. Some users intermittently get a 403 "Invalid session" error after entering their credentials and being redirected to the TFA verification page.

The issue seems related to the private tempstore’s ownership key (core.tempstore.private.owner) being lost or not matching, likely due to Pantheon’s multi-container infrastructure and session handling. Even after enabling Redis-backed session storage and overriding tempStoreUid() to force session start and write-close, the problem persists.

Has anyone had the same issue?

💬 Support request

Status: Active

Version: 1.0

Component: Code

Created by: 🇷🇸Serbia g_miric


Comments & Activities

  • Issue created by @g_miric
  • 🇺🇸United States cmlara

    It has been over 6 years since I have had a production site in Pantheon so I can't say that I remember their architecture layout.

    Quick glancing:
    This error should only be present if:

    • For some reason the UID is not an integer-like string (should never happen).
    • If the session is missing data (such as attempting to visit the entry form again after success, without auditing every line of code, maybe a login plugin granting access and another module redirecting back to the entry form).
    • PrivateTempStore not returning data (If the session somehow became authenticated mid request, or if the session was not synced between backends this could occur). I would expect Redis to solve the not-syncing issue.
  • 🇷🇸Serbia g_miric

    I know that the issue is related to PrivateTempStore, but Redis didn't fix it. It is possible that it is related to race conditions, but I still need to check that.
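
Added example (not part of the thread, and not Drupal core or TFA module code): a simplified Python model of the conditions discussed above, where the anonymous owner key kept in the session under `core.tempstore.private.owner` decides which private tempstore entry is read back. The dict-based stores, the `"uid"` tempstore key and all function names are assumptions made for illustration; `last_write_wins` shows one hypothetical interleaving of two requests, not a confirmed diagnosis.

```python
import secrets

OWNER_KEY = "core.tempstore.private.owner"  # session key named in the issue

def load(store, sid):
    """Start of a request: copy the session out of the session store."""
    return dict(store.get(sid, {}))

def owner(session):
    """Anonymous owner id: reuse the session's key, or mint one if absent."""
    return session.setdefault(OWNER_KEY, secrets.token_urlsafe(16))

def login_step(session, tempstore, uid):
    """Password accepted: park the uid in the tempstore under the owner id.
    The "uid" key is a hypothetical name for this model."""
    tempstore[(owner(session), "uid")] = uid

def tfa_step(session, tempstore):
    """TFA page: 403 unless the tempstore returns an integer-like uid."""
    uid = tempstore.get((owner(session), "uid"))
    return 200 if isinstance(uid, str) and uid.isdigit() else 403

def shared_sessions():
    """Both requests see the same session store: the owner key survives."""
    store, temp = {}, {}
    s = load(store, "sid")
    login_step(s, temp, "42")
    store["sid"] = s
    return tfa_step(load(store, "sid"), temp)

def unsynced_sessions():
    """Second request lands on a backend that never saw the session write."""
    store_a, store_b, temp = {}, {}, {}
    s = load(store_a, "sid")
    login_step(s, temp, "42")
    store_a["sid"] = s
    return tfa_step(load(store_b, "sid"), temp)

def last_write_wins():
    """Two overlapping requests each mint an owner key; the later save wins."""
    store, temp = {}, {}
    r1, r2 = load(store, "sid"), load(store, "sid")
    login_step(r1, temp, "42")   # uid stored under r1's owner key
    owner(r2)                    # r2 mints a different key
    store["sid"] = r1
    store["sid"] = r2            # overwrites r1's owner key
    return tfa_step(load(store, "sid"), temp)

if __name__ == "__main__":
    for case in (shared_sessions, unsynced_sessions, last_write_wins):
        print(case.__name__, case())
```

When reproducing the 403 on a real site, comparing the owner key present in the session at the login request with the one present at the TFA request separates these cases: a missing key points at session sync, a changed key at overlapping writes.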
