Enabling OpenID to work when anonymous user sessions are disabled

Posted May 18, 2010 // 3 comments

If you have a Drupal installation, such as Pressflow, that does not initialize sessions for anonymous users, you may have found that certain modules don’t work correctly. One of these modules, in Drupal 6, is the OpenID module.

The OpenID module relies on storing user data in an anonymous user’s session. If a session hasn’t been started, then the login fails because the data does not get stored.

Instead of patching the OpenID module, which is part of Core, you can use a hook in a module to restore the OpenID functionality.

First, we’ll alter the user_login form to add a validation function to the beginning of the form validate array if the OpenID form has been submitted. (Note: This hook_form_alter needs to run after the form_alter hook in the OpenID module. If your validation function is not being called, you may need to adjust the module weights.)

1
2
3
4
5
6
7

function module_form_alter(&$form, $form_state, $form_id) {
  if($form_id == 'user_login') {
    if (!empty($form_state['post']['openid_identifier'])) {
      array_unshift($form['#validate'],'module_openid_validate');
    }    
  }
}

In our validation function, we check to make sure the OpenID form has been submitted, and if so, explicitly start a session. This way, the OpenID module is able to store data in an anonymous user’s session.

1
2
3
4
5

function module_openid_validate($form, &$form_state) {
  if(!empty($form_state['values']['openid_identifier']) && !empty($form_state['values']['openid.return_to'])) {
    session_start();
  }
}  

The benefit of solving this problem through the hook instead of a Core patch is that there is nothing to keep track of during upgrades.