views:

386

answers:

2

I have Drupal 5 site where a button is clicked and it calls a JavaScript function. The function basically builds a string, and then redirects to another page on our site. After clicking the button, sometimes the user gets logged out and sees the "Access Denied" screen, even though they were previously logged in. The page where they are being redirected has the same access restrictions as the previous page, but regardless of that, they shouldn't be getting logged out.

One user has this happen about half the time (the other half it works as it should), and another user has reported always being logged out when clicking that button. However, I'm always able to run it without a hitch on the machines I use, and I suspect it has to do with them using IE6. Has anyone run across this issue before, or have any ideas on what could be causing this? I've searched and posted in the Drupal forum, and searched in this forum, and have had no luck yet.

+3  A: 

Many things come to mind.

  • Is the page being redirected to on the same domain? domain.com and www.domain.com are NOT the same as far as cookies are concerned (depending on how they are set)..
  • Can you reproduce it 100% reliably in any browser? No offense to your users, but users are liars (or at least bad at reporting technical bugs). I wouldn't trust something a user told me as fact ("oh, well, yeah, I was closing the browser between tries. but that shouldn't matter.").
  • Is there something running on the server that is clearing out session, or is the session expiration limit set too loo?

Moral: go try and reproduce the issue first, so you can narrow down exactly what it is. I suggest Firebug + Firecookie for debugging Firefox and general cookie problems, and Fiddler2 (a proxy) for debugging IE.

gregmac
Very good advise.
Jeremy Banks
The fact that it happens to one user half the time (assuming they are on the same setup) leads me to think it's a session timeout as well. Loading the page, and then coming back after a coffee and hitting the button. Check php.ini to change timeout
mrinject
It was the first bullet point that fixed it. It was hard-coded previously, and once I changed it to window.location.host, it's now working as expected. Thanks gregmac!
Pamela
+1  A: 

I think to be honest, the best way would be to post the code that's causing this.

Drupal uses PHP sessions to do this, which use cookies... do any of the users have cookies switched off?

There are many things that can be causing this, redirecting do a different domain, something clearing out the sessions (/tmp cleanup?), but usually, I'd put something like this down to the browser.

Ask them if they can still reproduce using another browser (try firefox)... check their cookie security settings, and more.

Mez