Index: includes/session.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/session.inc,v
retrieving revision 1.79
diff -u -r1.79 session.inc
--- includes/session.inc	9 Mar 2010 03:52:02 -0000	1.79
+++ includes/session.inc	3 Apr 2010 10:48:34 -0000
@@ -140,46 +140,60 @@
 function _drupal_session_write($sid, $value) {
   global $user, $is_https;
 
-  if (!drupal_save_session()) {
-    // We don't have anything to do if we are not allowed to save the session.
-    return;
-  }
-
-  $fields = array(
-    'uid' => $user->uid,
-    'cache' => isset($user->cache) ? $user->cache : 0,
-    'hostname' => ip_address(),
-    'session' => $value,
-    'timestamp' => REQUEST_TIME,
-  );
-  $key = array('sid' => $sid);
-  if ($is_https) {
-    $key['ssid'] = $sid;
-    $insecure_session_name = substr(session_name(), 1);
-    // The "secure pages" setting allows a site to simultaneously use both
-    // secure and insecure session cookies. If enabled, use the insecure session
-    // identifier as the sid.
-    if (variable_get('https', FALSE) && isset($_COOKIE[$insecure_session_name])) {
-      $key['sid'] = $_COOKIE[$insecure_session_name];
+  // The exception handler is not active at this point, so we need to do it manually.
+  try {
+    if (!drupal_save_session()) {
+      // We don't have anything to do if we are not allowed to save the session.
+      return;
     }
-  }
-  db_merge('sessions')
-    ->key($key)
-    ->fields($fields)
-    ->execute();
 
-  // Last access time is updated no more frequently than once every 180 seconds.
-  // This reduces contention in the users table.
-  if ($user->uid && REQUEST_TIME - $user->access > variable_get('session_write_interval', 180)) {
-    db_update('users')
-      ->fields(array(
-        'access' => REQUEST_TIME
-      ))
-      ->condition('uid', $user->uid)
+    $fields = array(
+      'uid' => $user->uid,
+      'cache' => isset($user->cache) ? $user->cache : 0,
+      'hostname' => ip_address(),
+      'session' => $value,
+      'timestamp' => REQUEST_TIME,
+    );
+    $key = array('sid' => $sid);
+    if ($is_https) {
+      $key['ssid'] = $sid;
+      $insecure_session_name = substr(session_name(), 1);
+      // The "secure pages" setting allows a site to simultaneously use both
+      // secure and insecure session cookies. If enabled, use the insecure session
+      // identifier as the sid.
+      if (variable_get('https', FALSE) && isset($_COOKIE[$insecure_session_name])) {
+        $key['sid'] = $_COOKIE[$insecure_session_name];
+      }
+    }
+    db_merge('sessions')
+      ->key($key)
+      ->fields($fields)
       ->execute();
-  }
 
-  return TRUE;
+    // Last access time is updated no more frequently than once every 180 seconds.
+    // This reduces contention in the users table.
+    if ($user->uid && REQUEST_TIME - $user->access > variable_get('session_write_interval', 180)) {
+      db_update('users')
+        ->fields(array(
+          'access' => REQUEST_TIME
+        ))
+        ->condition('uid', $user->uid)
+        ->execute();
+    }
+
+    return TRUE;
+  }
+  catch (Exception $exception) {
+    // If we are displaying errors, then do so with no possibility of a further uncaught exception being thrown.
+    $error_level = variable_get('error_level', ERROR_REPORTING_DISPLAY_ALL);
+    if ($error_level == ERROR_REPORTING_DISPLAY_ALL || (defined('MAINTENANCE_MODE') && MAINTENANCE_MODE == 'update')) {
+      require_once DRUPAL_ROOT . '/includes/errors.inc';
+      print 'Uncaught exception thrown in session handler.<br /><br />';
+      print _drupal_render_exception_safe($exception) . '<br /><br />';
+    }
+    
+    return FALSE;
+  }
 }
 
 /**