[development] transferring session info across login event
Alan Dixon
alan.g.dixon at gmail.com
Wed Jul 23 14:08:56 UTC 2008
i'm wondering if your statement:
"the login event regenerates the session"
is completely true.
I don't believe that the php session cookie changes, and I don't see
anywhere (or why) drupal would completely remove all $_SESSION info on
login.
I think what does happen is that Drupal's private session stuff as
stored in the session table gets cleared out (primarily the user
object that gets cached, i'm not sure what else), but you don't need
to worry about that do you?
Put all your pre-login stuff into $_SESSION and then it should still
be there after login, I think.
- Alan
On Mon, Jul 14, 2008 at 1:37 PM, Joe Murray
<joe.murray at jmaconsulting.biz> wrote:
> I have a use case where anonymous users can do a bunch of work, and then at
> the end request to save it, which requires logging in (and possibly also
> creating an account). The login event regenerates the session, and so far as
> I know 5.x does not provide a hook that can be used to copy info from the
> old session into the new so that it can be saved in a way that is associated
> with the correct uid. I suppose such a hook so would open up lots of
> security issues. Still, this is the second time I've confronted this sort of
> an issue, and I don't know the correct design pattern to handle it in
> Drupal. Comments and suggestions welcome.
>
>
>
> Cheers,
>
>
>
> Joe Murray, PhD
>
> President, JMA Consulting
>
> @ The Centre for Social Innovation
>
> 215 Spadina Ave, Suite 400, Toronto, Ontario, Canada M5T 2C7
>
> 416.466.1281, (416) 644-0116 (f)
>
> joe.murray at jmaconsulting.biz
>
> Skype: josephpmurray
>
>
--
Alan Dixon, Web Developer
http://alan.g.dixon.googlepages.com/
More information about the development
mailing list