Ivan Sergio Borgonovo wrote:
I'm not an AJAX Ninja but why don't you build up a hook that call similar stuff in modules/user.module user_login_submit/validate?
You will get back the right changed session without a redirect.
The main problem could be delaying user login hooks of other modules:
user_module_invoke('login', $form_values, $user);
That's what we've been doing in the code all along. We've solved this, here's what went down. The issue wasn't that the user wasn't properly getting logged in, it was that when you change a user's password with user_save(), the session gets recreated, thus generating a new session ID for that logged in user. After our auto-login code, users were required to set their password (since we generated a random one for them). The reason this broke our code is that we're using SWFUpload which needs the PHPSESSID when sending uploads because they come from an anonymous Flash session. We were passing the PHPSESSID from Drupal as a JavaScript variable in the main page load. But wait! Since the form to change the user's password was in an AJAX Thickbox, the session ID gets regenerated but since the main page doesn't refresh, the JS var doesn't get sent anew from Drupal. So now we just pass the JS var back through the AJAX callback to the Thickbox and it gets updated when user_save() regenerates the session ID. Yeah! -RobRoy