Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.The code in session authentication has following conditions:
//If the user is logged in already and the callback contains the string login
//we need to set it to the original user so that the already logged in as @user message
//is displayed
if (strpos($arg[1]['callback'], 'login') !== FALSE) {
if($original_user->uid != 0) {
$user = $original_user;
}
}
//For every callback that has nothing to do with login we need to
//set it to the original user so that they are no longer anonymous
if (strpos($arg[1]['callback'], 'login') === FALSE) {
// The account should be restored to the session's user.
$user = $original_user;
}
This means that only in one case we do not do $user = $original_user; and that case is when anonymous user calls "login" method. But we change user object to anonymous user anyway. So we simply to not change one anonymous user object with another and that does not make much sense.
What I propose is to simplify all these conditions with simple:
$user = $original_user;
without any conditions.
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | services-1898446-simplify-session-authentication.patch | 958 bytes | ygerasimov |
Comments
Comment #1
ygerasimov CreditAttribution: ygerasimov commentedComment #2
ygerasimov CreditAttribution: ygerasimov commentedComment #3
ygerasimov CreditAttribution: ygerasimov commented