diff --git a/core/includes/session.inc b/core/includes/session.inc index 5ffbb8d..f154287 100644 --- a/core/includes/session.inc +++ b/core/includes/session.inc @@ -72,8 +72,6 @@ function _drupal_session_close() { * The user's session, or an empty string if no session exists. */ function _drupal_session_read($sid) { - global $user; - // Write and Close handlers are called after destructing objects // since PHP 5.0.5. // Thus destructors can use sessions but session handler can't use objects. @@ -86,6 +84,7 @@ function _drupal_session_read($sid) { $cookies = \Drupal::request()->cookies; if (!$cookies->has(session_name()) && !$cookies->has($insecure_session_name)) { $user = new UserSession(); + \Drupal::getContainer()->set('current_user', $user); return ''; } @@ -134,7 +133,7 @@ function _drupal_session_read($sid) { 'sid' => $sid, 'value' => $user->session, ); - + \Drupal::getContainer()->set('current_user', $user); return $user->session; } @@ -157,8 +156,6 @@ function _drupal_session_read($sid) { * Always returns TRUE. */ function _drupal_session_write($sid, $value) { - global $user; - // The exception handler is not active at this point, so we need to do it // manually. try { @@ -167,6 +164,8 @@ function _drupal_session_write($sid, $value) { return; } + $user = \Drupal::currentUser(); + // Check whether $_SESSION has been changed in this request. $last_read = &drupal_static('drupal_session_last_read'); $is_changed = !isset($last_read) || $last_read['sid'] != $sid || $last_read['value'] !== $value; @@ -238,8 +237,6 @@ function _drupal_session_write($sid, $value) { * Initializes the session handler, starting a session if needed. */ function drupal_session_initialize() { - global $user; - session_set_save_handler('_drupal_session_open', '_drupal_session_close', '_drupal_session_read', '_drupal_session_write', '_drupal_session_destroy', '_drupal_session_garbage_collection'); $is_https = \Drupal::request()->isSecure(); @@ -260,7 +257,7 @@ function drupal_session_initialize() { // processes (like drupal_get_token()) needs to know the future // session ID in advance. $GLOBALS['lazy_session'] = TRUE; - $user = drupal_anonymous_user(); + \Drupal::getContainer()->set('current_user', drupal_anonymous_user()); // Less random sessions (which are much faster to generate) are used for // anonymous users than are generated in drupal_session_regenerate() when // a user becomes authenticated. @@ -301,14 +298,12 @@ function drupal_session_start() { * If an anonymous user already have an empty session, destroy it. */ function drupal_session_commit() { - global $user; - if (!drupal_save_session()) { // We don't have anything to do if we are not allowed to save the session. return; } - if ($user->isAnonymous() && empty($_SESSION)) { + if (\Drupal::currentUser()->isAnonymous() && empty($_SESSION)) { // There is no session data to store, destroy the session if it was // previously started. if (drupal_session_started()) { @@ -350,8 +345,6 @@ function drupal_session_started($set = NULL) { * @ingroup php_wrappers */ function drupal_session_regenerate() { - global $user; - // Nothing to do if we are not allowed to change the session. if (!drupal_save_session()) { return; @@ -411,9 +404,9 @@ function drupal_session_regenerate() { // Start the session when it doesn't exist yet. // Preserve the logged in user, as it will be reset to anonymous // by _drupal_session_read. - $account = $user; + $account = \Drupal::currentUser(); drupal_session_start(); - $user = $account; + \Drupal::getContainer()->set('current_user', $account); } date_default_timezone_set(drupal_get_user_timezone()); } @@ -427,8 +420,6 @@ function drupal_session_regenerate() { * Session ID. */ function _drupal_session_destroy($sid) { - global $user; - // Nothing to do if we are not allowed to change the session. if (!drupal_save_session()) { return; @@ -443,7 +434,7 @@ function _drupal_session_destroy($sid) { // Reset $_SESSION and $user to prevent a new session from being started // in drupal_session_commit(). $_SESSION = array(); - $user = drupal_anonymous_user(); + \Drupal::getContainer()->set('current_user', drupal_anonymous_user()); // Unset the session cookies. _drupal_session_delete_cookie(session_name()); @@ -518,7 +509,7 @@ function _drupal_session_garbage_collection($lifetime) { * * This function allows the caller to temporarily disable writing of * session data, should the request end while performing potentially - * dangerous operations, such as manipulating the global $user object. + * dangerous operations, such as manipulating the current user object. * See http://drupal.org/node/218104 for usage. * * @param $status