Drupal update.php Access Denied for User 1

Updated 2018-04-02 with another possible solution

I've been having lots of Drupal "fun" in the past week or two (more on that later), and I finally managed to fix an issue that had been bugging me for a while on a site I had previously migrated from Drupal 6 to 7. Specifically the update.php page was not working. This despite the fact that I was logged in as user 1.

If I tried to visit update.php normally, I got Access Denied. If I tried to hack it by setting $update_free_access to TRUE, it would let me into the page and then hang on the Overview page. I could click the Continue button all I wanted but it just kept returning to Overview.

I'm not entirely sure of the root cause of this problem, but my suspicion is that it has to do with the fact that I moved the base URL of the site from /site to /site7 in the migration. I did this because I wanted to keep the site on the same server and the 6 to 7 migration path that I followed involved Drupal 7 importing the settings directly from the existing Drupal 6 site. This required both sites to be up and running at once. At least if I remember correctly. It's actually been quite a while since I did the migration.

In any case, the fix (which is probably what you're interested in) was to delete all the cookies for the site in my browser. After I did that, logged back in (deleting the session cookies will log you out), and tried update.php again everything worked as expected. \o/

Note that if you log out while in maintenance mode, you may not be able to find the login prompt from the main page. If this happens, visit the /user page of your site (for example, mine would be blog.nemebean.com/user). Even in maintenance mode that will provide a login page.

I did quite a bit of googling on this problem and didn't run across anything that said to clear your cookies in case of update.php problems. I found a few cookie-related suggestions for people who couldn't log in to their site at all, but that wasn't the case for me. I guess clearing cookies is a pretty common troubleshooting step for web apps and maybe I'm just dumb for not trying it earlier, but I thought I'd write this post and hopefully save someone else the aggravation.

Update: On a subsequent attempt to update my Drupal sites, I hit this problem again and it wasn't fixed by clearing my cookies. It turns out I hadn't properly configured one of my sites to redirect all traffic to the same URL (either mysite.com or www.mysite.com). This meant that when I logged in on mysite.com, then tried to visit update.php at www.mysite.com/update.php the cookies didn't match so it looked like I wasn't logged in at all. Since my brain doesn't tend to differentiate between the www and non-www forms of a site this was a tricky problem to debug. Hopefully now you won't have to.