<div dir="ltr">Session ID regeneration is just that, a new session ID for the same session. Session variables are not overwritten.<br><br>To test, I found my session ID, for an anonymous session, and did:<br>UPDATE sessions SET session = 'debug|s:1:"a"' WHERE sid = '...';<br>
<br>After logging in, the session variables had not changed. Executing<br>print_r($_SESSION);<br>resulted in the expected<br>Array<br>(<br> [debug] => a<br>)<br><br>-Neil<br><br><div class="gmail_quote">On Fri, Jul 25, 2008 at 5:09 PM, mark burdett <<a href="mailto:mfburdett@gmail.com">mfburdett@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I'd also like to know the proper technique for moving session data<br>
from anonymous to logged in user.<br>
<br>
This diff <a href="http://cvs.drupal.org/viewvc.py/drupal/drupal/modules/user/user.module?r1=1.745.2.30&r2=1.745.2.31&pathrev=DRUPAL-5" target="_blank">http://cvs.drupal.org/viewvc.py/drupal/drupal/modules/user/user.module?r1=1.745.2.30&r2=1.745.2.31&pathrev=DRUPAL-5</a><br>
shows how the session is now regenerated after a successful login and<br>
before the login hook is invoked. This change breaks the ability to<br>
login and keep the contents of your shopping cart in drupal e-commerce<br>
5-3, for example. Maybe pre-login and post-login hooks are needed?<br>
<font color="#888888"><br>
--mark<br>
</font><div><div></div><div class="Wj3C7c"><br>
On Wed, Jul 23, 2008 at 7:08 AM, Alan Dixon <<a href="mailto:alan.g.dixon@gmail.com">alan.g.dixon@gmail.com</a>> wrote:<br>
> i'm wondering if your statement:<br>
><br>
> "the login event regenerates the session"<br>
><br>
> is completely true.<br>
><br>
> I don't believe that the php session cookie changes, and I don't see<br>
> anywhere (or why) drupal would completely remove all $_SESSION info on<br>
> login.<br>
><br>
> I think what does happen is that Drupal's private session stuff as<br>
> stored in the session table gets cleared out (primarily the user<br>
> object that gets cached, i'm not sure what else), but you don't need<br>
> to worry about that do you?<br>
><br>
> Put all your pre-login stuff into $_SESSION and then it should still<br>
> be there after login, I think.<br>
><br>
> - Alan<br>
><br>
> On Mon, Jul 14, 2008 at 1:37 PM, Joe Murray<br>
> <<a href="mailto:joe.murray@jmaconsulting.biz">joe.murray@jmaconsulting.biz</a>> wrote:<br>
>> I have a use case where anonymous users can do a bunch of work, and then at<br>
>> the end request to save it, which requires logging in (and possibly also<br>
>> creating an account). The login event regenerates the session, and so far as<br>
>> I know 5.x does not provide a hook that can be used to copy info from the<br>
>> old session into the new so that it can be saved in a way that is associated<br>
>> with the correct uid. I suppose such a hook so would open up lots of<br>
>> security issues. Still, this is the second time I've confronted this sort of<br>
>> an issue, and I don't know the correct design pattern to handle it in<br>
>> Drupal. Comments and suggestions welcome.<br>
>><br>
>><br>
>><br>
>> Cheers,<br>
>><br>
>><br>
>><br>
>> Joe Murray, PhD<br>
>><br>
>> President, JMA Consulting<br>
>><br>
>> @ The Centre for Social Innovation<br>
>><br>
>> 215 Spadina Ave, Suite 400, Toronto, Ontario, Canada M5T 2C7<br>
>><br>
>> 416.466.1281, (416) 644-0116 (f)<br>
>><br>
>> <a href="mailto:joe.murray@jmaconsulting.biz">joe.murray@jmaconsulting.biz</a><br>
>><br>
>> Skype: josephpmurray<br>
>><br>
>><br>
><br>
><br>
><br>
> --<br>
> Alan Dixon, Web Developer<br>
> <a href="http://alan.g.dixon.googlepages.com/" target="_blank">http://alan.g.dixon.googlepages.com/</a><br>
><br>
</div></div></blockquote></div><br></div>