[development] Super Ninja Question: Auto-creating user and logging in (worth +15 magic points)

[Earnie Boyd]

Quoting Rob Barreca <rob at electronicinsight.com>:

> Oh harro,
>
> So an anonymous user hits http://example.com/start-building and we 
> want them to be a full-fledged logged in user at the end of the page 
> with no redirect to make the session stick. Yes that's right ladies 
> and gentlemen, no drupal_goto()!
>

Cool idea.

> The issue is, the session doesn't really stick until the next page 
> hit, requiring a drupal_goto(). I've been doing some dumping of 
> $_COOKIE to watchdog() and noticed that they have a different sess ID 
> on that first hit. Then after doing a drupal_goto() they have another 
> sess ID that ends up sticking throughout their session.
>

The session changes because of
<code>
  // Even though session_write_close() is registered as a shutdown function, we
  // need all session data written to the database before redirecting.
  session_write_close();
</code>
from drupal_goto().

> *My question:* How would I give this anonymous user his/her legit 
> session all in this same page hit so any AJAX calls they make from 
> this same page (remember, no redirect!) will pass the good cookie, 
> not this anonymous cookie (mmm, chocolate).
>

Does http://api.drupal.org/api/file/includes/session.inc/5 help?

> Also, this triggered something in my brain about Drupal giving 
> anonymous user's first hit a different cookie for some reason or 
> another, but I forget exactly why. Is that related to my issue? If 
> not, would someone mind explaining that anyways or pointing me in the 
> right direction?
>

Since cookies are session driven, probably.

Earnie -- http://for-my-kids.com/
-- http://give-me-an-offer.com/