Details
-
Type: Bug
-
Status: Done/Fixed
-
Priority: Minor
-
Resolution: Cannot Reproduce
-
Affects Version/s: 4.2.1
-
Fix Version/s: None
-
Component/s: CiviCRM Profile
-
Labels:
Description
1. Create a block that uses a CiviCRM views handler and put that block on every page.
2. Create a CiviCRM profile and give authenticated users the ability to edit their own profile.
3. Logout.
4. Login as a user.
5. Go to your user page, click on edit, then click on the civicrm profile.
6. You will get this message "You do not have permission to edit this contact record. Contact the site administrator if you need assistance."
What's going on here is that the Drupal views handling stuff loads the view before logging the user in. This initialized CiviCRM which causes it to create its CRM_Core_Session object which stores a reference to $_SESSION. Then Drupal logs the user in and in the process recreates the session ID with session_id(...). This creates a new $_SESSION global variable which is not the same one as where the CRM_Core_Session _session member variable is pointing. So now when CiviCRM runs CRM_Core_BAO_UFMatch::synchronize to setup user id variables in the session, those get written to the old session and so disappear.
I've written a patch for this which I've attached, though I'm not convinced it is the correct approach. The nice thing about this way is that you don't have to worry about when Drupal is messing with the session. CiviCRM will always use the same session that Drupal is using.
This might fix CRM-9255 which I think may be related.