i'm wondering if your statement: "the login event regenerates the session" is completely true. I don't believe that the php session cookie changes, and I don't see anywhere (or why) drupal would completely remove all $_SESSION info on login. I think what does happen is that Drupal's private session stuff as stored in the session table gets cleared out (primarily the user object that gets cached, i'm not sure what else), but you don't need to worry about that do you? Put all your pre-login stuff into $_SESSION and then it should still be there after login, I think. - Alan On Mon, Jul 14, 2008 at 1:37 PM, Joe Murray <joe.murray@jmaconsulting.biz> wrote:
I have a use case where anonymous users can do a bunch of work, and then at the end request to save it, which requires logging in (and possibly also creating an account). The login event regenerates the session, and so far as I know 5.x does not provide a hook that can be used to copy info from the old session into the new so that it can be saved in a way that is associated with the correct uid. I suppose such a hook so would open up lots of security issues. Still, this is the second time I've confronted this sort of an issue, and I don't know the correct design pattern to handle it in Drupal. Comments and suggestions welcome.
Cheers,
Joe Murray, PhD
President, JMA Consulting
@ The Centre for Social Innovation
215 Spadina Ave, Suite 400, Toronto, Ontario, Canada M5T 2C7
416.466.1281, (416) 644-0116 (f)
joe.murray@jmaconsulting.biz
Skype: josephpmurray
-- Alan Dixon, Web Developer http://alan.g.dixon.googlepages.com/