Thanks to the people who responded and reviewed the patch. It has changed a bit since the first time. I'll summarize: - there was a flaw in the logic behind the query in user.module that counted the online authenticated users (didn't account for users who logged off explicitely) - user_logout was calling session_destroy (the php function) instead of sess_destroy (our override of that function). Changing this removed the necessity of handling a second parameter to sess_destroy: it now only accepts $uid as a parameter. - drupal_count_sessions has been renamed to sess_count for consistency. A second review would be appreciated. Robert Douglass wrote:
Hi all,
Moshe and I have been working on a patch that will make it easy to swap out session handling code and replace it with something else (like memcached, LDAP, 3rd party whatever....) The patch seems to be ready:
It doesn't change very much logic (almost none) in session handling, but rather moves code out of user.module and throttle.module and puts it into sessions.inc.
If you have a spare pair of eyeballs today, give it a look-see while it is still possible to get it in for 4.8/5.0
cheers,
Robert