Index: includes/session.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/session.inc,v retrieving revision 1.37.2.2 diff -u -9 -p -r1.37.2.2 session.inc --- includes/session.inc 26 Jul 2007 19:16:45 -0000 1.37.2.2 +++ includes/session.inc 10 Nov 2008 17:53:12 -0000 @@ -51,42 +51,38 @@ function sess_read($key) { } return $user->session; } function sess_write($key, $value) { global $user; // If saving of session data is disabled or if the client doesn't have a session, - // and one isn't being created ($value), do nothing. - if (!session_save_session() || (empty($_COOKIE[session_name()]) && empty($value))) { + // and one isn't being created ($value), do nothing. This keeps crawlers out of + // the session table. This reduces memory and server load, and gives more useful + // statistics. We can't eliminate anonymous session table rows without breaking + // the throttle module and the "Who's Online" block. + if (!session_save_session() || ($user->uid == 0 && empty($_COOKIE[session_name()]) && empty($value))) { return TRUE; } - $result = db_query("SELECT sid FROM {sessions} WHERE sid = '%s'", $key); - - if (!db_num_rows($result)) { - // Only save session data when when the browser sends a cookie. This keeps - // crawlers out of session table. This reduces memory and server load, - // and gives more useful statistics. We can't eliminate anonymous session - // table rows without breaking throttle module and "Who's Online" block. - if ($user->uid || $value || count($_COOKIE)) { - db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, $user->cache, $_SERVER["REMOTE_ADDR"], $value, time()); - } - } - else { - db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, $user->cache, $_SERVER["REMOTE_ADDR"], $value, time(), $key); - + db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, isset($user->cache) ? $user->cache : '', $_SERVER["REMOTE_ADDR"], $value, time(), $key); + if (db_affected_rows()) { // TODO: this can be an expensive query. Perhaps only execute it every x minutes. Requires investigation into cache expiration. if ($user->uid) { db_query("UPDATE {users} SET access = %d WHERE uid = %d", time(), $user->uid); } } + else { + // If this query fails, another parallel request probably got here first. + // In that case, any session data generated in this request is discarded. + @db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, isset($user->cache) ? $user->cache : '', $_SERVER["REMOTE_ADDR"], $value, time()); + } return TRUE; } /** * Called when an anonymous user becomes authenticated or vice-versa. */ function sess_regenerate() { $old_session_id = session_id();