[shib_auth] Mixing sessions (Was: Re: class registry in drupal 7 conflicting with shib sessions)
Andy Kohler
akohler at ucla.edu
Wed Aug 28 20:25:23 CEST 2013
Our symptoms, thus far:
User 1 logs into Drupal via Shib.
User 2 logs into Drupal via Shib a few minutes later (different
machine/ip/browser). We haven't narrowed down the timing, but it's 100%
reproducible within 5 minutes or so.
User 2 sees User 1's name in the Drupal admin toolbar, in the upper right
corner. We do use the admin_menu module, which I've seen mentioned
before. BUT...
We have a custom module which, on its first page, displays the user's name
(pulled from $user, after doing a $user->load). This also displays User
1's name incorrectly for User 2.
This does seem to be a display issue, not a rights issue. Once User 2
clicks on any link to interact with the system, the incorrect User 1 name
is replaced with the correct User 2 name. This is what led us to pinpoint
memcache as the problem (in our environment, at least).
--Andy
On Wed, Aug 28, 2013 at 10:55 AM, Kristof Bajnok <bajnokk at niif.hu> wrote:
> On 2013-08-28 17:47, Mike Cammilleri wrote:
> > We just experienced the symptom he describes. I had a student call me
> > yesterday afternoon to tell me that when he logged in as himself, drupal
> > was displaying MY username. I did currently have a shib session open.
>
> Mike, if you could tell, was it only _displaying_ your username or was
> the student actually possessing the rights you have? I really hope that
> it was the former, although it is still embarrassing, no doubt.
>
> We've already got a some reports similar to this
> (https://drupal.org/node/1949102), and I really want to fix it for good,
> but I need more info.
>
> Those of you, who had mis-identifying issues, could you describe your
> setup and the type of error you got (see above)?
>
> Kristof
>
> _______________________________________________
> shib_auth mailing list
> shib_auth at listserv.niif.hu
> https://listserv.niif.hu/mailman/listinfo/shib_auth
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.niif.hu/pipermail/shib_auth/attachments/20130828/d7ee05b2/attachment.html>
More information about the shib_auth
mailing list