[development] transferring session info across login event

mark burdett mfburdett at gmail.com
Sat Jul 26 00:46:20 UTC 2008


To clarify, the issue I wrote about isn't related to $_SESSION; it's
modules that store data in a separate table with session id as the key
(as e-commerce does).  It seems this may be a flawed data model unless
there is some means for modules to respond to regenerated session ids.

--mark

On Fri, Jul 25, 2008 at 5:09 PM, mark burdett <mfburdett at gmail.com> wrote:
> I'd also like to know the proper technique for moving session data
> from anonymous to logged-in user.
>
> This diff http://cvs.drupal.org/viewvc.py/drupal/drupal/modules/user/user.module?r1=1.745.2.30&r2=1.745.2.31&pathrev=DRUPAL-5
> shows how the session is now regenerated after a successful login and
> before the login hook is invoked.  This change breaks the ability to
> log in and keep the contents of your shopping cart in Drupal e-commerce
> 5-3, for example.  Maybe pre-login and post-login hooks are needed?
>
> --mark
>
> On Wed, Jul 23, 2008 at 7:08 AM, Alan Dixon <alan.g.dixon at gmail.com> wrote:
>> I'm wondering if your statement:
>>
>> "the login event regenerates the session"
>>
>> is completely true.
>>
>> I don't believe that the PHP session cookie changes, and I don't see
>> anywhere (or why) Drupal would completely remove all $_SESSION info on
>> login.
>>
>> I think what does happen is that Drupal's private session stuff as
>> stored in the session table gets cleared out (primarily the user
>> object that gets cached, I'm not sure what else), but you don't need
>> to worry about that, do you?
>>
>> Put all your pre-login stuff into $_SESSION and then it should still
>> be there after login, I think.
>>
>>  - Alan
>>
>> On Mon, Jul 14, 2008 at 1:37 PM, Joe Murray
>> <joe.murray at jmaconsulting.biz> wrote:
>>> I have a use case where anonymous users can do a bunch of work, and then at
>>> the end request to save it, which requires logging in (and possibly also
>>> creating an account). The login event regenerates the session, and so far as
>>> I know 5.x does not provide a hook that can be used to copy info from the
>>> old session into the new so that it can be saved in a way that is associated
>>> with the correct uid. I suppose such a hook would open up lots of
>>> security issues. Still, this is the second time I've confronted this sort of
>>> an issue, and I don't know the correct design pattern to handle it in
>>> Drupal. Comments and suggestions welcome.
>>>
>>>
>>>
>>> Cheers,
>>>
>>>
>>>
>>> Joe Murray, PhD
>>>
>>> President, JMA Consulting
>>>
>>> @ The Centre for Social Innovation
>>>
>>> 215 Spadina Ave, Suite 400, Toronto, Ontario, Canada  M5T 2C7
>>>
>>> 416.466.1281, (416) 644-0116 (f)
>>>
>>> joe.murray at jmaconsulting.biz
>>>
>>> Skype: josephpmurray
>>>
>>>
>>
>>
>>
>> --
>> Alan Dixon, Web Developer
>> http://alan.g.dixon.googlepages.com/
>>
>
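
The data-model problem raised in this thread, as an added example that is not part of the original messages and is not Drupal or e-commerce module code: rows keyed by the session id are orphaned when the id is regenerated at login, while rows keyed by a random token held in the session data can still be found and bound to the uid. It assumes PHP 7+ with PDO SQLite, models the session with plain variables, uses hypothetical table and function names, and assumes session contents survive regeneration.

```php
<?php
// Added illustration. Table, column and function names are hypothetical;
// this is not Drupal or e-commerce module code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cart_by_sid (sid TEXT, item TEXT)');
$db->exec('CREATE TABLE cart_by_token (token TEXT, uid INTEGER, item TEXT)');

function new_id(): string {
  return bin2hex(random_bytes(16));
}

// $table and $col are fixed literals from this script, never user input.
function cart_items(PDO $db, string $table, string $col, string $key): array {
  $q = $db->prepare("SELECT item FROM $table WHERE $col = ?");
  $q->execute([$key]);
  return $q->fetchAll(PDO::FETCH_COLUMN);
}

// Anonymous visit: $sid models the session cookie value, $session models
// $_SESSION. The cart token lives only in server-side session data.
$sid = new_id();
$session = ['cart_token' => new_id()];
$db->prepare('INSERT INTO cart_by_sid VALUES (?, ?)')
   ->execute([$sid, 'widget']);
$db->prepare('INSERT INTO cart_by_token VALUES (?, 0, ?)')
   ->execute([$session['cart_token'], 'widget']);

// Login: the session id is replaced before any login handler runs.
// Assumption: the session contents are carried over to the new id.
$sid = new_id();
$uid = 42; // constructed user id

// What a login handler can still find with the values it has at this point.
$found_by_sid = cart_items($db, 'cart_by_sid', 'sid', $sid);
$found_by_token = cart_items($db, 'cart_by_token', 'token', $session['cart_token']);

// Attach the surviving cart to the account that just authenticated.
$db->prepare('UPDATE cart_by_token SET uid = ? WHERE token = ?')
   ->execute([$uid, $session['cart_token']]);
$q = $db->prepare('SELECT COUNT(*) FROM cart_by_token WHERE uid = ?');
$q->execute([$uid]);
$owned = $q->fetchColumn();

printf("keyed by session id: %d item(s)\n", count($found_by_sid));
printf("keyed by session token: %d item(s)\n", count($found_by_token));
printf("rows now owned by uid %d: %d\n", $uid, $owned);
```

Because the token never leaves the server, the session id can still be rotated at login without the side table losing track of the anonymous visitor's rows.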

