PANTHEON Mercury

Cookie check issue with logging in

Bug #476403 reported by Thomas Bonte on 2009-11-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	PANTHEON Mercury	Won't Fix	Undecided	Unassigned

Bug Description

I moved a D6 install from shared hosting to mercury (alpha 6) and have the cookie check module enabled: http://drupal.org/project/cookie_check

After the move, some users complained that they had to had to login twice before they could login, while after the first attempt, they got the cookie check error message: 'It seems your browser does not accept cookies. To log into this site, you need to accept cookies from the domain @domain.'

Currently, I can only think this is introduced by the mercury setup (varnish?) but haven't figured out where the exact problem comes from. Will investigate deeper later this month, but I thought I would report it already.

Tags:

Revision history for this message

Josh Koenig (joshkoenig) wrote on 2009-11-06:

Cookie check is likely completely incompatible with Pressflow's backport of lazy session creation from Drupal 7.

Pressflow prevents the creation of sessions for anonymous users until really necessary. This is an important performance enhancement across the board, and also is key in our use of Varnish, which bases its decision as to serving a cached page or not on the presence of a session cookie.

This plus the module's use of the validate hook will consistently mean that initial validation will fail because there's no cookie prior to the first form submit.

Unfortunately, these systems are fundamentally at odds, and I don't believe you can use the cookie_check with Pressflow or Varnish, and thus it's going to be problematic with Mercury.

Revision history for this message

Thomas Bonte (toemaz) wrote on 2009-11-07:

Hi Josh,

Thanks a lot for the quick answer. Seems like we will have to figure out something else to tell users Drupal is using cookies. I wonder how the cookie check module will be upgraded to D7 since D7 has that pressflow enhancement now not to use cookies for anonymous users.

Anyway, thx!

BTW the link to launchpad on http://www.getpantheon.com/contribute is not correct.

Revision history for this message

Josh Koenig (joshkoenig) wrote on 2009-11-10:

Indeed, this will also be a challenge for this module in Drupal 7. I think it should be easy to refactor it so that it sets its own "checking" cookie when the user login or register forms are rendered, and checks these in the validate step. If found, it removes the cookie and all is well. If that cookie is missing, it can give a sane error response.

However, I'm not the maintainer of that module, or even a user, so it'll have to fall to some other folks to make sure that gets done.

Josh Koenig (joshkoenig) on 2009-11-20

Changed in projectmercury:
status:	New → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.