Index: update.php
===================================================================
RCS file: /cvs/drupal/drupal/update.php,v
retrieving revision 1.326
diff -u -p -r1.326 update.php
--- update.php	23 Nov 2010 03:20:17 -0000	1.326
+++ update.php	2 Dec 2010 09:30:29 -0000
@@ -259,7 +259,21 @@ function update_access_denied_page() {
  *   TRUE if the current user should be granted access, or FALSE otherwise.
  */
 function update_access_allowed() {
-  global $update_free_access, $user;
+  global $update_free_access, $user, $base_url;
+
+  // Check for a valid D6 session.
+  list( , $session_name) = explode('://', $base_url, 2);
+  if (ini_get('session.cookie_secure')) {
+    $session_name .= 'SSL';
+  }
+  $session_name = 'SESS' . md5($session_name);
+  if (!empty($_COOKIE[$session_name])) {
+    // This is a D6 user attempting to upgrade the site.
+    // Load and then regenerate the session.
+    _drupal_session_read($_COOKIE[$session_name]);
+    _drupal_session_delete_cookie($session_name);
+    drupal_session_regenerate();
+  }
 
   // Allow the global variable in settings.php to override the access check.
   if (!empty($update_free_access)) {