[development] transferring session info across login event
Larry Garfield
larry at garfieldtech.com
Sat Jul 26 02:10:04 UTC 2008
And for the love of god, keep the data you're saving small. Modules that store large amounts of data in the session, such as a fully loaded node, waste hundreds of megabytes of disk space from stale sessions. Seriously, burn the extra CPU cycles and keep the session size small.
--Larry Garfield
On Fri, 25 Jul 2008 17:59:12 -0700, "Neil Drumm" <drumm at delocalizedham.com> wrote:
> Then the easiest thing to do is to use your own id set
> $_SESSION['ecommerce_cart_id'].
>
> -Neil
>
> On Fri, Jul 25, 2008 at 5:46 PM, mark burdett <mfburdett at gmail.com> wrote:
>
>> To clarify, the issue I wrote about isn't related to $_SESSION, it's
>> modules that store data in a separate table with session id as the key
>> (as e-commerce does). It seems this may be a flawed data model unless
>> there is some means for modules to respond to regenerated session ids.
>>
>> --mark
>>
>> On Fri, Jul 25, 2008 at 5:09 PM, mark burdett <mfburdett at gmail.com>
> wrote:
>> > I'd also like to know the proper technique for moving session data
>> > from anonymous to logged in user.
>> >
>> > This diff
>>
> http://cvs.drupal.org/viewvc.py/drupal/drupal/modules/user/user.module?r1=1.745.2.30&r2=1.745.2.31&pathrev=DRUPAL-5
>> > shows how the session is now regenerated after a successful login and
>> > before the login hook is invoked. This change breaks the ability to
>> > login and keep the contents of your shopping cart in drupal e-commerce
>> > 5-3, for example. Maybe pre-login and post-login hooks are needed?
>> >
>> > --mark
>> >
>> > On Wed, Jul 23, 2008 at 7:08 AM, Alan Dixon <alan.g.dixon at gmail.com>
>> wrote:
>> >> i'm wondering if your statement:
>> >>
>> >> "the login event regenerates the session"
>> >>
>> >> is completely true.
>> >>
>> >> I don't believe that the php session cookie changes, and I don't see
>> >> anywhere (or why) drupal would completely remove all $_SESSION info
> on
>> >> login.
>> >>
>> >> I think what does happen is that Drupal's private session stuff as
>> >> stored in the session table gets cleared out (primarily the user
>> >> object that gets cached, i'm not sure what else), but you don't need
>> >> to worry about that do you?
>> >>
>> >> Put all your pre-login stuff into $_SESSION and then it should still
>> >> be there after login, I think.
>> >>
>> >> - Alan
>> >>
>> >> On Mon, Jul 14, 2008 at 1:37 PM, Joe Murray
>> >> <joe.murray at jmaconsulting.biz> wrote:
>> >>> I have a use case where anonymous users can do a bunch of work, and
>> then at
>> >>> the end request to save it, which requires logging in (and possibly
>> also
>> >>> creating an account). The login event regenerates the session, and
> so
>> far as
>> >>> I know 5.x does not provide a hook that can be used to copy info
> from
>> the
>> >>> old session into the new so that it can be saved in a way that is
>> associated
>> >>> with the correct uid. I suppose such a hook so would open up lots of
>> >>> security issues. Still, this is the second time I've confronted this
>> sort of
>> >>> an issue, and I don't know the correct design pattern to handle it
> in
>> >>> Drupal. Comments and suggestions welcome.
>> >>>
>> >>>
>> >>>
>> >>> Cheers,
>> >>>
>> >>>
>> >>>
>> >>> Joe Murray, PhD
>> >>>
>> >>> President, JMA Consulting
>> >>>
>> >>> @ The Centre for Social Innovation
>> >>>
>> >>> 215 Spadina Ave, Suite 400, Toronto, Ontario, Canada M5T 2C7
>> >>>
>> >>> 416.466.1281, (416) 644-0116 (f)
>> >>>
>> >>> joe.murray at jmaconsulting.biz
>> >>>
>> >>> Skype: josephpmurray
>> >>>
>> >>>
>> >>
>> >>
>> >>
>> >> --
>> >> Alan Dixon, Web Developer
>> >> http://alan.g.dixon.googlepages.com/
>> >>
>> >
>>
>
>
More information about the development
mailing list