Super Ninja Question: Auto-creating user and logging in (worth +15 magic points)
Oh harro, So an anonymous user hits http://example.com/start-building and we want them to be a full-fledged logged in user at the end of the page with no redirect to make the session stick. Yes that's right ladies and gentlemen, no drupal_goto()! The issue is, the session doesn't really stick until the next page hit, requiring a drupal_goto(). I've been doing some dumping of $_COOKIE to watchdog() and noticed that they have a different sess ID on that first hit. Then after doing a drupal_goto() they have another sess ID that ends up sticking throughout their session. *My question:* How would I give this anonymous user his/her legit session all in this same page hit so any AJAX calls they make from this same page (remember, no redirect!) will pass the good cookie, not this anonymous cookie (mmm, chocolate). Also, this triggered something in my brain about Drupal giving anonymous user's first hit a different cookie for some reason or another, but I forget exactly why. Is that related to my issue? If not, would someone mind explaining that anyways or pointing me in the right direction? Thanks, RobRoy
On Thu, 24 Jan 2008 22:25:27 -0800 Rob Barreca <rob@electronicinsight.com> wrote:
*My question:* How would I give this anonymous user his/her legit session all in this same page hit so any AJAX calls they make from this same page (remember, no redirect!) will pass the good cookie, not this anonymous cookie (mmm, chocolate).
I'm not an AJAX Ninja but why don't you build up a hook that call similar stuff in modules/user.module user_login_submit/validate? You will get back the right changed session without a redirect. The main problem could be delaying user login hooks of other modules: user_module_invoke('login', $form_values, $user); -- Ivan Sergio Borgonovo http://www.webthatworks.it
Ivan Sergio Borgonovo wrote:
I'm not an AJAX Ninja but why don't you build up a hook that call similar stuff in modules/user.module user_login_submit/validate?
You will get back the right changed session without a redirect.
The main problem could be delaying user login hooks of other modules:
user_module_invoke('login', $form_values, $user);
That's what we've been doing in the code all along. We've solved this, here's what went down. The issue wasn't that the user wasn't properly getting logged in, it was that when you change a user's password with user_save(), the session gets recreated, thus generating a new session ID for that logged in user. After our auto-login code, users were required to set their password (since we generated a random one for them). The reason this broke our code is that we're using SWFUpload which needs the PHPSESSID when sending uploads because they come from an anonymous Flash session. We were passing the PHPSESSID from Drupal as a JavaScript variable in the main page load. But wait! Since the form to change the user's password was in an AJAX Thickbox, the session ID gets regenerated but since the main page doesn't refresh, the JS var doesn't get sent anew from Drupal. So now we just pass the JS var back through the AJAX callback to the Thickbox and it gets updated when user_save() regenerates the session ID. Yeah! -RobRoy
Cool. Thanks for describing your solution. On Jan 27, 2008 5:52 AM, Rob Barreca <rob@electronicinsight.com> wrote:
Ivan Sergio Borgonovo wrote:
I'm not an AJAX Ninja but why don't you build up a hook that call similar stuff in modules/user.module user_login_submit/validate?
You will get back the right changed session without a redirect.
The main problem could be delaying user login hooks of other modules:
user_module_invoke('login', $form_values, $user);
That's what we've been doing in the code all along. We've solved this, here's what went down.
Quoting Rob Barreca <rob@electronicinsight.com>:
Oh harro,
So an anonymous user hits http://example.com/start-building and we want them to be a full-fledged logged in user at the end of the page with no redirect to make the session stick. Yes that's right ladies and gentlemen, no drupal_goto()!
Cool idea.
The issue is, the session doesn't really stick until the next page hit, requiring a drupal_goto(). I've been doing some dumping of $_COOKIE to watchdog() and noticed that they have a different sess ID on that first hit. Then after doing a drupal_goto() they have another sess ID that ends up sticking throughout their session.
The session changes because of <code> // Even though session_write_close() is registered as a shutdown function, we // need all session data written to the database before redirecting. session_write_close(); </code> from drupal_goto().
*My question:* How would I give this anonymous user his/her legit session all in this same page hit so any AJAX calls they make from this same page (remember, no redirect!) will pass the good cookie, not this anonymous cookie (mmm, chocolate).
Does http://api.drupal.org/api/file/includes/session.inc/5 help?
Also, this triggered something in my brain about Drupal giving anonymous user's first hit a different cookie for some reason or another, but I forget exactly why. Is that related to my issue? If not, would someone mind explaining that anyways or pointing me in the right direction?
Since cookies are session driven, probably. Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/
participants (4)
-
Chris Johnson -
Earnie Boyd -
Ivan Sergio Borgonovo -
Rob Barreca