[development] transferring session info across login event

Alan Dixon alan.g.dixon at gmail.com
Wed Jul 23 14:08:56 UTC 2008

i'm wondering if your statement:

"the login event regenerates the session"

is completely true.

I don't believe that the php session cookie changes, and I don't see
anywhere (or why) drupal would completely remove all $_SESSION info on

I think what does happen is that Drupal's private session stuff as
stored in the session table gets cleared out (primarily the user
object that gets cached, i'm not sure what else), but you don't need
to worry about that do you?

Put all your pre-login stuff into $_SESSION and then it should still
be there after login, I think.

 - Alan

On Mon, Jul 14, 2008 at 1:37 PM, Joe Murray
<joe.murray at jmaconsulting.biz> wrote:
> I have a use case where anonymous users can do a bunch of work, and then at
> the end request to save it, which requires logging in (and possibly also
> creating an account). The login event regenerates the session, and so far as
> I know 5.x does not provide a hook that can be used to copy info from the
> old session into the new so that it can be saved in a way that is associated
> with the correct uid. I suppose such a hook so would open up lots of
> security issues. Still, this is the second time I've confronted this sort of
> an issue, and I don't know the correct design pattern to handle it in
> Drupal. Comments and suggestions welcome.
> Cheers,
> Joe Murray, PhD
> President, JMA Consulting
> @ The Centre for Social Innovation
> 215 Spadina Ave, Suite 400, Toronto, Ontario, Canada  M5T 2C7
> 416.466.1281, (416) 644-0116 (f)
> joe.murray at jmaconsulting.biz
> Skype: josephpmurray

Alan Dixon, Web Developer

More information about the development mailing list