Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Line 44 of session.inc is
<?php
$user = drupal_anonymous_user($user->session);
?>However, in situations where $user->session is not set there is an error thrown ("Trying to get property of non-object"). Because the query to establish $user has failed (as it should), $user is not yet an object. So now we do
<?php
$session = isset($user->session) ? $user->session : '';
$user = drupal_anonymous_user($session);
?>| Comment | File | Size | Author |
|---|---|---|---|
| nosessjv.patch | 630 bytes | jvandyk | |
Comments
Comment #1
profix898 CreditAttribution: profix898 commentedMarked http://drupal.org/node/91004 (by stefano73 a few hours ago) as duplicate of this one.
Comment #2
stefano73 CreditAttribution: stefano73 commentedWhy not set $session to session_id() (or $key) when $user->session is not set?
Comment #3
profix898 CreditAttribution: profix898 commentedI guess, because in
function drupal_anonymous_user($session = '') { ..}the default value is''already!? Does it make any difference? Any advantage setting it tosession_id()?How can spawn a situation where this patch is needed? I tried to truncate the 'session' table but that seems not enough!
I will try to reproduce/review and comment back soon.
Comment #4
profix898 CreditAttribution: profix898 commented"Why not set $session to session_id()"
session_id(), if you need it, not?To reproduce one needs a session cookie in the browser, otherwise
if (!isset($_COOKIE[session_name()])) { $user = drupal_anonymous_user(); ... }simply returns with a (new) 'anonymous' user. The use case of this patch is e.g. when the user session has expired.Patch is simple and solved the issue.
Comment #5
drummCommitted to HEAD.
Comment #6
(not verified) CreditAttribution: commented