I have a context called 'secure'.
When an anonymous user hits certain restricted resources in the 'web' context, they are redirected to a particular resource on 'secure'. This resource is protected by Shibboleth authentication, so they are first prompted to log in via Shibboleth before MODX even serves the resource. Once they've done that, the 'secure' resource fires a snippet which does the following:
- logs them in as user #35, a user who has access to lots of restricted resources in the 'web' context
- uses 'addSessionContext' to add a session context for the 'web' context
- redirects them back to whatever resource in the 'web' context they were originally trying to access - they should now have sufficient permissions to view it.
My code looks like this:
$uid = $modx->user->get('id');
if ($uid == 35) {
    // Already logged in as user #35: add the 'web' session context if it is missing
    if (!$modx->checkSession('web')) {
        $modx->user->addSessionContext('web');
    }
}
if ($uid == 0) {
    // code that logs in the anonymous user as user #35
}
That's the code that I'm calling in an uncached snippet in my resource on the 'secure' context. They first have to do the Shibboleth authentication, then they get the resource, which fires the code above and then redirects them back to the original resource they requested.
This is working exactly the way I want it to... most of the time.
However, for some users, the code runs but the 'web' session doesn't seem to stick. The code runs, they get redirected back to a restricted page on the 'web' context *and can view it*. But when they click on a link to another restricted page, they get the unauthorized page again. They click the link, hit the 'secure' page again (instantaneously, because the Shibboleth requirements are already satisfied), the code fires again (the 'web' session context is added, again), and they get redirected to the page they wanted. For these unlucky users, the effect is that every page they request on the site, they have to see the unauthorized message & click on the link before getting the content. Every. Single. Time.
I have no idea what these unlucky users may have in common. I don't think it is an issue with a certain browser. I'm wondering if it may be some sort of caching condition?
I'm hoping someone can see something obvious that I'm not doing quite right.
Any help would be GREATLY appreciated.