The Drupal CMS uses a PHP cookie for managing the user session. Typically, I can log in and work normally on the site, but every few days I suddenly lose my session, i.e. after a page request I suddenly find myself logged out, and I can't log back in. From that point on, all login attempts are logged as successful in the Drupal log, but for me as the user they don't catch on, i.e. I continue to be unauthenticated. This is the behavior that would be expected when cookies are disabled. The browser does get a cookie, though, but there seems to be something wrong with it.
I'm using ZoneAlarm Security Suite 6.5.737.000, and here's where ZA enters the picture: the sad state above usually sticks for a day or so, and then suddenly everything works again. But I can also fix the problem by removing the site from the Privacy list, re-adding it, and allowing cookies again. From then on it works just fine for another couple of days...
It seems like ZA occasionally trashes one of its records. I've observed this behavior for a couple of years (!) already, with headers, ads, and now with cookies, on different computers, under different Windows versions and with different ZA versions, accessing different websites. It happens relatively rarely, so it's very hard to reproduce, but now that I spend a couple of hours on that specific Drupal site every day, it happens at least once a week. I'm in the process of building that site, and I could sort of live with the occasional ZA glitch, but now one of my early test users has reported the same problem (he's using ZA, too, of course). Should I tell him to throw out ZA?
Operating System:Windows XP Pro
Product Name:ZoneAlarm Internet Security Suite