I am testing V1.6 with MSM on an installation with two sites. Both sites ran prior to the upgrade as separate domains, with one as the “main” domain and the other as a secondary domain. The System Security and Session Preferences, User Session Type, was set to “Cookies and Session ID” prior to the upgrade and worked reliably. The host is pmachinehosting - CA DC. This problem has to do with Security and Session Preferences, User Session Type.
Both sites consist of both public and private areas, and the private areas of both sites are accessed via a standard login form/template which returns to a “landing” template which checks the group_ids using advanced conditionals, and then embeds templates accordingly. This may be unorthodox but it works on Site1 but not Site2.
Since the upgrade, the domain that formerly was “main” (now “Site1”) still works properly with the same User Session Type setting as before, but the secondary domain ( now “Site2”) accepts the login but then fails on the landing page unless it’s Session Type setting is “Cookies Only.” The nature of the failure is one whereby the just-logged-in user group_id is not recognised by a conditional.
This is no a big deal for now, but security is an issue with this site and I need to know if this is normal behavior or not, because I would prefer to go back to the old setting at some point.
For what it is worth the “landing” page code for both sites is structured identically, and the code which fails is as follows(reduced to essentials and pseudo-coded for clarity):
{if group_id == 1}
{embed="blog1_templ_group/template_1"}
{if:elseif group_id == "something_else"}
{embed="blog1_templ_group/{template_2"}
{if:else}
{embed="{blog1_templ_group}/{reject_access_template}"}
{/if}Because the group_id is not recognised, the “access failure” template is embedded. I get the same results with simple conditionals, and the also when I replace the embeds with HTML redirects. The problem is firmly due to non-recognition of the group_id after successful login. The code is not between weblog entry tags.
I have checked that the template access settings are such as to permit access (but then, this fails even with the superadmin’s ID)
I re-uploaded all the new code that came with 1.6 and rechecked the settings and permissions. If there is anything wrong there I am too stupid to recognize it - time to call the cavalry.
The build - Build: 20070622
Both Firefox and Safari show same symptoms. The Terminal is OS X