I’m working with a Drupal 5 website that has a strange logout issue. When users click a specific button that triggers a JavaScript function, some of them get automatically signed out.
Here’s what happens: The JS function creates a URL string and redirects users to a different page within our site. Both the original page and destination page have identical permission settings. However, after the redirect, certain users see an “Access Denied” message and find themselves logged out.
The weird part is that this doesn’t happen consistently. One user experiences this problem roughly 50% of the time, while another user gets logged out every single time they use this button. On my end, I can’t reproduce the issue at all on any of my test machines.
I suspect this might be related to Internet Explorer 6 usage, since the affected users seem to be using older browsers. Has anyone encountered similar session management problems with Drupal and JavaScript redirects? Any suggestions for troubleshooting this inconsistent logout behavior would be really helpful.
I encountered something very similar on a Drupal 5 site a few years back and it turned out to be related to how the session validation was handling the referrer checks during JavaScript redirects. IE6 specifically has problems with referrer headers when redirects happen through window.location calls versus natural page navigation. What fixed it for me was modifying the JavaScript redirect method. Instead of using window.location.href directly, I switched to using a form submission approach for the redirect. This ensures that all the proper headers and session tokens get passed along correctly. You might also want to check if your site has any custom session handling or security modules that could be interfering with the redirect process. Another thing to verify is whether the users experiencing issues have cookies disabled or restricted in their browser settings. IE6 users often have stricter security configurations that can cause session cookies to be dropped during programmatic redirects.
This sounds like a classic session cookie issue that I’ve run into before with older Drupal installations. The inconsistent behavior you’re describing usually points to cookie path or domain configuration problems that get worse when JavaScript handles the redirects. Since you mentioned IE6, that browser has notorious issues with cookie handling during JavaScript redirects, especially if there are any subtle differences in how the cookies are being processed between the original page load and the redirect. What I’d recommend checking first is your Drupal session configuration in the settings.php file - specifically the cookie_domain and base_url settings. Also worth investigating is whether your JavaScript redirect is preserving all the necessary session parameters. Sometimes when we construct URLs programmatically, we might be missing query parameters or fragments that Drupal needs to maintain the session state properly. Try logging the exact URLs being generated by your JavaScript function and compare them to what gets created during normal navigation.
could be timing issue tbh - javascript redirects sometimes fire before drupal finishes writing session data. ive seen this with ie6 where the redirect happens too fast and session gets corrupted. try adding small delay before redirect or use setTimeout function instead of immediate redirect.