[development] transferring session info across login event

Neil Drumm drumm at delocalizedham.com
Sat Jul 26 00:59:12 UTC 2008


Then the easiest thing to do is to use your own id set
$_SESSION['ecommerce_cart_id'].

-Neil

On Fri, Jul 25, 2008 at 5:46 PM, mark burdett <mfburdett at gmail.com> wrote:

> To clarify, the issue I wrote about isn't related to $_SESSION, it's
> modules that store data in a separate table with session id as the key
> (as e-commerce does).  It seems this may be a flawed data model unless
> there is some means for modules to respond to regenerated session ids.
>
> --mark
>
> On Fri, Jul 25, 2008 at 5:09 PM, mark burdett <mfburdett at gmail.com> wrote:
> > I'd also like to know the proper technique for moving session data
> > from anonymous to logged in user.
> >
> > This diff
> http://cvs.drupal.org/viewvc.py/drupal/drupal/modules/user/user.module?r1=1.745.2.30&r2=1.745.2.31&pathrev=DRUPAL-5
> > shows how the session is now regenerated after a successful login and
> > before the login hook is invoked.  This change breaks the ability to
> > login and keep the contents of your shopping cart in drupal e-commerce
> > 5-3, for example.  Maybe pre-login and post-login hooks are needed?
> >
> > --mark
> >
> > On Wed, Jul 23, 2008 at 7:08 AM, Alan Dixon <alan.g.dixon at gmail.com>
> wrote:
> >> i'm wondering if your statement:
> >>
> >> "the login event regenerates the session"
> >>
> >> is completely true.
> >>
> >> I don't believe that the php session cookie changes, and I don't see
> >> anywhere (or why) drupal would completely remove all $_SESSION info on
> >> login.
> >>
> >> I think what does happen is that Drupal's private session stuff as
> >> stored in the session table gets cleared out (primarily the user
> >> object that gets cached, i'm not sure what else), but you don't need
> >> to worry about that do you?
> >>
> >> Put all your pre-login stuff into $_SESSION and then it should still
> >> be there after login, I think.
> >>
> >>  - Alan
> >>
> >> On Mon, Jul 14, 2008 at 1:37 PM, Joe Murray
> >> <joe.murray at jmaconsulting.biz> wrote:
> >>> I have a use case where anonymous users can do a bunch of work, and
> then at
> >>> the end request to save it, which requires logging in (and possibly
> also
> >>> creating an account). The login event regenerates the session, and so
> far as
> >>> I know 5.x does not provide a hook that can be used to copy info from
> the
> >>> old session into the new so that it can be saved in a way that is
> associated
> >>> with the correct uid. I suppose such a hook so would open up lots of
> >>> security issues. Still, this is the second time I've confronted this
> sort of
> >>> an issue, and I don't know the correct design pattern to handle it in
> >>> Drupal. Comments and suggestions welcome.
> >>>
> >>>
> >>>
> >>> Cheers,
> >>>
> >>>
> >>>
> >>> Joe Murray, PhD
> >>>
> >>> President, JMA Consulting
> >>>
> >>> @ The Centre for Social Innovation
> >>>
> >>> 215 Spadina Ave, Suite 400, Toronto, Ontario, Canada  M5T 2C7
> >>>
> >>> 416.466.1281, (416) 644-0116 (f)
> >>>
> >>> joe.murray at jmaconsulting.biz
> >>>
> >>> Skype: josephpmurray
> >>>
> >>>
> >>
> >>
> >>
> >> --
> >> Alan Dixon, Web Developer
> >> http://alan.g.dixon.googlepages.com/
> >>
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080725/eea2d4d8/attachment.htm 


More information about the development mailing list