[development] Super Ninja Question: Auto-creating user and logging in (worth +15 magic points) [SOLVED]

Rob Barreca rob at electronicinsight.com
Sun Jan 27 04:52:33 UTC 2008

Ivan Sergio Borgonovo wrote:
> I'm not an AJAX Ninja but why don't you build up a hook that call
> similar stuff in modules/user.module user_login_submit/validate?
> You will get back the right changed session without a redirect.
> The main problem could be delaying user login hooks of other modules:
> user_module_invoke('login', $form_values, $user);

That's what we've been doing in the code all along. We've solved this, 
here's what went down.

The issue wasn't that the user wasn't properly getting logged in, it was 
that when you change a user's password with user_save(), the session 
gets recreated, thus generating a new session ID for that logged in 
user. After our auto-login code, users were required to set their 
password (since we generated a random one for them).

The reason this broke our code is that we're using SWFUpload which needs 
the PHPSESSID when sending uploads because they come from an anonymous 
Flash session. We were passing the PHPSESSID from Drupal as a JavaScript 
variable in the main page load. But wait! Since the form to change the 
user's password was in an AJAX Thickbox, the session ID gets regenerated 
but since the main page doesn't refresh, the JS var doesn't get sent 
anew from Drupal. So now we just pass the JS var back through the AJAX 
callback to the Thickbox and it gets updated when user_save() 
regenerates the session ID.



More information about the development mailing list