<div dir="ltr">For <a href="http://uclu.org">uclu.org</a> we run Memcache as the default cache backend and haven't run into issues. We also run Varnish (for the filter, page, and block caches).<div><br></div><div>Patrick</div>
<div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 28 August 2013 15:22, Kristof Bajnok <span dir="ltr"><<a href="mailto:bajnokk@niif.hu" target="_blank">bajnokk@niif.hu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>Andy,<br>
<br>
Can you please elaborate, what part of the session was overlapping between the users? I think we need to find a safe way for storing session-local variables without being screwed by the various caching mechanisms from time to time.<br>
<br>
For th OP, I can't think of a reason why shib_auth would get into registry cache at all. If you can dump the contents, you can spot whether there is anything interesting in it.<span class="HOEnZb"><font color="#888888"><br>
<br>
Kristof</font></span><div><div class="h5"><br><br><div class="gmail_quote">Andy Kohler <<a href="mailto:akohler@ucla.edu" target="_blank">akohler@ucla.edu</a>> wrote:<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr"><div><div>You might also try disabling memcache, if you use it.<br><br>In our environment, we've found that with memcache enabled (via settings.php, as a backend cache for everything except forms), Shib-created sessions can seemingly overlap (a user logging in within a few minutes of another user sees the first user's name).<br>
<br></div>This isn't the same as Mike's problem, but since cache is involved, it might be relevant.<br><br></div>--Andy<br><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Aug 28, 2013 at 3:07 AM, Patrick Dawkins <span dir="ltr"><<a href="mailto:p.dawkins@ucl.ac.uk" target="_blank">p.dawkins@ucl.ac.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi Mike</div><div><br></div><div><br></div><div>The shib_auth module doesn't get involved with the registry - it contains no classes or interfaces, and the statement "SELECT * FROM registry WHERE module = 'shib_auth'" yields nothing.</div>
<div><br></div><div>I have never had registry issues with Shibboleth (although I have with Drupal Commerce, for which the <a href="https://drupal.org/project/registry_rebuild" target="_blank">registry rebuild</a> module is very useful).</div>
<div><br></div><div>So it sounds like it's something else and you have more debugging to do.</div><div><br></div><div>Since cache clearing has something to do with it, perhaps you have a module that's doing extra caching somewhere that's misbehaving. And the Performance section by no means lists all the caches in Drupal core or contrib - the list of caches can include bootstrap, block, page, menu, theme, system, user, node, token, views, entity, etc. What cookies are set in the browser after Shibboleth login - when it's working and when it isn't?</div>
<div><br></div><div><br></div><div>Regards</div><span><font color="#888888"></font><div><font color="#888888">Patrick</font></div></span><div><div><div><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On 27 August 2013 20:29, Mike Cammilleri <span dir="ltr"><<a href="mailto:mikec@stat.wisc.edu" target="_blank">mikec@stat.wisc.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">We are using the shibboleth module with D7 which works, most of the time. Users can click on the shibboleth login link, be directed to the Idp, authenticated successfully and returned to D7, at which point .htaccess allows them in with<br>
<br>
AuthType Shibboleth<br>
ShibRequireSession Off<br>
require shibboleth<br>
ShibUseHeaders On<br>
<br>
About an hour or so goes by and all of a sudden D7 stops allowing the shib-authenticated user in. The user can still authenticate to the shib Idp, but when returned to the D7 site, drupal just behaves as if they never logged in at all. No error page, no 404 not found, no white page of death, just back to the D7 site and the login button for shib is still sitting there as if they never clicked on it.<br>
<br>
In order to fix this, all I need to do is flush the Class Registry from the Flush All Caches menu. Simply flushing that cache corrects the behavior and once again D7 will allow users to log in via shib. Until another hour goes by and D7 stops allowing shib users, and I need to flush the Class Registry again.<br>
<br>
Has anyone experienced this? What is in the Class Registry that could be causing D7 to think users aren't logged in? (Local drupal accounts work fine by the way). I turned off all caching in the Performance section, except for block caching which is greyed out because I'm using the Access Control module. This still has not fixed the problem.<br>
<br>
Any hints would be greatly appreciated.<br>
<br>
______________________________<u></u>_________________<br>
shib_auth mailing list<br>
<a href="mailto:shib_auth@listserv.niif.hu" target="_blank">shib_auth@listserv.niif.hu</a><br>
<a href="https://listserv.niif.hu/mailman/listinfo/shib_auth" target="_blank">https://listserv.niif.hu/<u></u>mailman/listinfo/shib_auth</a><br>
<br>
</blockquote></div><br></div></div></div></div>
<br>_______________________________________________<br>
shib_auth mailing list<br>
<a href="mailto:shib_auth@listserv.niif.hu" target="_blank">shib_auth@listserv.niif.hu</a><br>
<a href="https://listserv.niif.hu/mailman/listinfo/shib_auth" target="_blank">https://listserv.niif.hu/mailman/listinfo/shib_auth</a><br>
<br></blockquote></div><br></div></div></div>
<p style="margin-top:2.5em;margin-bottom:1em;border-bottom:1px solid #000"></p><pre><hr><br>shib_auth mailing list<br><a href="mailto:shib_auth@listserv.niif.hu" target="_blank">shib_auth@listserv.niif.hu</a><br><a href="https://listserv.niif.hu/mailman/listinfo/shib_auth" target="_blank">https://listserv.niif.hu/mailman/listinfo/shib_auth</a><br>
</pre></blockquote></div></div></div></div><br>_______________________________________________<br>
shib_auth mailing list<br>
<a href="mailto:shib_auth@listserv.niif.hu">shib_auth@listserv.niif.hu</a><br>
<a href="https://listserv.niif.hu/mailman/listinfo/shib_auth" target="_blank">https://listserv.niif.hu/mailman/listinfo/shib_auth</a><br>
<br></blockquote></div><br></div>