[development] transferring session info across login event
drumm at delocalizedham.com
Sat Jul 26 00:46:08 UTC 2008
Session ID regeneration is just that, a new session ID for the same session.
Session variables are not overwritten.
To test, I found my session ID, for an anonymous session, and did:
UPDATE sessions SET session = 'debug|s:1:"a"' WHERE sid = '...';
After logging in, the session variables had not changed. Executing
resulted in the expected
[debug] => a
On Fri, Jul 25, 2008 at 5:09 PM, mark burdett <mfburdett at gmail.com> wrote:
> I'd also like to know the proper technique for moving session data
> from anonymous to logged in user.
> This diff
> shows how the session is now regenerated after a successful login and
> before the login hook is invoked. This change breaks the ability to
> login and keep the contents of your shopping cart in drupal e-commerce
> 5-3, for example. Maybe pre-login and post-login hooks are needed?
> On Wed, Jul 23, 2008 at 7:08 AM, Alan Dixon <alan.g.dixon at gmail.com>
> > i'm wondering if your statement:
> > "the login event regenerates the session"
> > is completely true.
> > I don't believe that the php session cookie changes, and I don't see
> > anywhere (or why) drupal would completely remove all $_SESSION info on
> > login.
> > I think what does happen is that Drupal's private session stuff as
> > stored in the session table gets cleared out (primarily the user
> > object that gets cached, i'm not sure what else), but you don't need
> > to worry about that do you?
> > Put all your pre-login stuff into $_SESSION and then it should still
> > be there after login, I think.
> > - Alan
> > On Mon, Jul 14, 2008 at 1:37 PM, Joe Murray
> > <joe.murray at jmaconsulting.biz> wrote:
> >> I have a use case where anonymous users can do a bunch of work, and then
> >> the end request to save it, which requires logging in (and possibly also
> >> creating an account). The login event regenerates the session, and so
> far as
> >> I know 5.x does not provide a hook that can be used to copy info from
> >> old session into the new so that it can be saved in a way that is
> >> with the correct uid. I suppose such a hook so would open up lots of
> >> security issues. Still, this is the second time I've confronted this
> sort of
> >> an issue, and I don't know the correct design pattern to handle it in
> >> Drupal. Comments and suggestions welcome.
> >> Cheers,
> >> Joe Murray, PhD
> >> President, JMA Consulting
> >> @ The Centre for Social Innovation
> >> 215 Spadina Ave, Suite 400, Toronto, Ontario, Canada M5T 2C7
> >> 416.466.1281, (416) 644-0116 (f)
> >> joe.murray at jmaconsulting.biz
> >> Skype: josephpmurray
> > --
> > Alan Dixon, Web Developer
> > http://alan.g.dixon.googlepages.com/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the development