On Wed, 16 Jan 2008 10:14:12 -0500 Earnie Boyd <earnie@users.sourceforge.net> wrote:
Quoting Ivan Sergio Borgonovo <mail@webthatworks.it>:
If there isn't any good reason to kill it... could this small change get into core?
Isn't it a problem that uid 0 has many sessions?
yes and no... All anonymous users share one entry in the users table BUT they don't share the same row in the sessions table. You can find what happens in include/sessions.inc sess_read drupal load stuff from sessions table... but then discharge it if the user is anonymous reloading from drupal_anonymous_user. I know that sid could be easily be loaded from $_SESSION but a common interface to registered/anon users would be nicer. You call your function the same way passing $user->sid no matter if the user is authenticated or not. I was wondering if there are any assumptions in the rest of drupal code about $user->sid for anonymous users... Generally uid is checked... but maybe in some cleanup place (eg. logout, session expiration, whatever in the thousands lines of code of drupal) the assumption that $user->sid is not set is made and I'd like to have surprises. If such assumption is not made... it would be nice if people that can commit on core made sid available even for anon users. I already patched my drupal... but patching others code without the hope your patch get included upstream is always a maintenance nightmare on the long run. If people find it a good idea to be able to get $user->sid even for not authenticated users... I don't mind about the implementation ;) If people think it is a bad idea, I'd like to know why. thx -- Ivan Sergio Borgonovo http://www.webthatworks.it