On Thu, 17 Jan 2008 12:01:57 +0100 Ivan Sergio Borgonovo <mail@webthatworks.it> wrote: OK... I've found another thing that can't find a place in the big picture. Even after login $user doesn't have $user->sid. You can't find it in hook load and login. While I can't find any better place to offer uniform access to sid for anonymous users other than the the below patch in core, it is very easy to add sid to $user object in a module... but well more than one module may need it as soon as the user is logged in, and since sid is getting into the $user object very soon later and anyway authenticated users have sid... why don't anticipate the addition of sid property into sess_regenerate? While the below patch have a marginal cost in term of memory (but well even carriage return in code have) anticipating the assignment of sid property shouldn't have it. Comments?
Index: includes/session.inc =================================================================== --- includes/session.inc (revisione 419) +++ includes/session.inc (copia locale) @@ -30,6 +30,7 @@
// Otherwise, if the session is still active, we have a record of the client's session in the database. $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key)); + $sid=$user->sid;
// We found the client's session record and they are an authenticated user if ($user && $user->uid > 0) { @@ -48,6 +49,7 @@ else { $session = isset($user->session) ? $user->session : ''; $user = drupal_anonymous_user($session); + $user->sid=$sid; }
return $user->session;
The situation I'm trying to deal with are anonymous users who own temporary objects not suited to be placed in $session, eg. e-commerce carts. I didn't use $key to fill $user->sid because I need a pk in {sessions}.
-- Ivan Sergio Borgonovo http://www.webthatworks.it