Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Log in from two different browsers, edit and save your account in one (don't change the password), and you become logged out in the other.
In user_save() there is this code:
// If the password changed, delete all open sessions and recreate
// the current one.
if (isset($array['pass'])) {
sess_destroy_uid($account->uid);
sess_regenerate();
}
However, when the user edit form is submitted, $array['pass']
is set (but empty), so the session is regenerated, even though the password doesn't change.
Comment | File | Size | Author |
---|---|---|---|
user.module_73.patch | 648 bytes | John Morahan | |
Comments
Comment #1
drummCommitted to 5.x.
Applies to HEAD.
Comment #2
Gábor HojtsyThanks, committed!
Comment #3
(not verified) CreditAttribution: commented