? .DS_Store
? _70521_login.patch
? files
? latest.html
? modules/devel
? modules/game
? modules/htmltidy
? sites/feast-or-fa.mine.nu.drupal
Index: modules/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user.module,v
retrieving revision 1.632
diff -u -p -r1.632 user.module
--- modules/user.module	23 Jun 2006 07:06:17 -0000	1.632
+++ modules/user.module	28 Jun 2006 02:31:30 -0000
@@ -539,6 +539,10 @@ function user_block($op = 'list', $delta
       case 0:
         // For usability's sake, avoid showing two login forms on one page.
         if (!$user->uid && !(arg(0) == 'user' && !is_numeric(arg(1)))) {
+          // unset the time, if any. this prevents a 404 if a user
+          // relogs in on the page they were sent to when they logged out.
+          // see user_login_submit for explanation of the 'time' query param.
+          unset($_GET['time']);
           $form['#action'] = url($_GET['q'], drupal_get_destination());
           $form['#id'] = 'user-login-form';
           $form['name'] = array('#type' => 'textfield',
@@ -876,15 +880,18 @@ function user_auth_help_links() {
 function user_login($msg = '') {
   global $user, $base_url;
 
-  // If we are already logged on, go to the user page instead.
+  // If we are already logged on, go to the user
+  // page instead. The added time prevents caching.
   if ($user->uid) {
-    drupal_goto('user/'. $user->uid);
+    drupal_goto('user/'. $user->uid, 'time='. time());
   }
 
   // Display login form:
   if ($msg) {
     $form['message'] = array('#value' => "<p>$msg</p>");
   }
+  unset($_GET['time']);
+  $form['#action'] = url($_GET['q'], drupal_get_destination());
   $form['name'] = array('#type' => 'textfield',
     '#title' => t('Username'),
     '#size' => 30,
@@ -951,6 +958,9 @@ function user_login_submit($form_id, $fo
     session_regenerate_id();
     db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
 
+    // create a timestamped final URL so that browsers don't return the user to
+    // a cached page (where it would appear as if they never logged in or out).
+    return array($_REQUEST['destination'], 'time='. time());
   }
 }
 
@@ -1017,7 +1027,8 @@ function user_logout() {
   // We have to use $GLOBALS to unset a global variable:
   $user = user_load(array('uid' => 0));
 
-  drupal_goto();
+  // The time prevents caching.
+  drupal_goto(NULL, 'time='. time());
 }
 
 function user_pass() {
@@ -1157,9 +1168,10 @@ function user_register() {
 
   $admin = user_access('administer users');
 
-  // If we aren't admin but already logged on, go to the user page instead.
+  // If we aren't admin but already logged on, go to the
+  // user page instead. The added time prevents caching.
   if (!$admin && $user->uid) {
-    drupal_goto('user/'. $user->uid);
+    drupal_goto('user/'. $user->uid, 'time='. time());
   }
 
   // Display the registration form.