Details
Major
Description
Summary: unable to process bounces, unsubscribes and etc through requests to soap php, all requests result in "Invalid key" error.
Note that this only occurs on Drupal cms.
the problem is related to this issue: CRM-8363
now that drupal bootstrap is being loaded which was introduced in 4.0.5 to address "Invalid login" error (CRM-8363) it messes up session persistence for the soap requests and session gets purged between authenticate and verify calls in SoapServer.php thus resulting in "Invalid Key" error on line 103 for any request such as bounce unsubscribe and etc.
I believe the correct solution that will address both "Invalid login" and "Invalid key" errors is to make sure that CRM_Utils_System_Drupal::authenticate does the right thing regardless of whether bootstrap is loaded or not since it's an optional param, ie even if $loadCMSBootstrap is false it should attempt to auth the given user and pass. Thats how it works in Joomla - see CRM/Utils/System/Joomla.php
Additionally SoapServer.php should be reverted to not load cms bootstrap on authentication.
I attached a possible patch. It fixes the issue in our tests but not sure what else it might affect in the system.