When a user is deleted by an administrator while he is browsing a drupal website immediately sees an error like this one

Fatal error: Duplicate entry '7ad0d1a0b4cbde4189cc4cdcacbef91a' for key 1 query: INSERT INTO sessions (sid, uid, hostname, timestamp) VALUES ('7ad0d1a0b4cbde4189cc4cdcacbef91a', 0, '', 1126817172) in /www/drupal/includes/database.mysql.inc on line 66

This error will continue as long as his sid remains the same ... and the sessions table is not cleaned up (which might feel like "ages" for the deleted user).

This is caused by the user module not cleaning up the user session after a user has been deleted.

How to reproduce
1. Create a test user
2. Log in as test user and navigate (so a session is created)
3. In another browser, as administrator delete the test user
4. make one more click as test user ... and enjoy

Fix is easy
user.module around Line 1166
db_query('DELETE FROM {users} WHERE uid = %d', $account->uid);
db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
db_query('DELETE FROM {authmap} WHERE uid = %d', $account->uid);
+ db_query('DELETE FROM {sessions} WHERE uid = %d', $account->uid);
drupal_set_message(t('The account has been deleted.'));
module_invoke_all('user', 'delete', $edit, $account);

-- Geert

#2 user-delete-session.patch745 byteskbahey
#1 user-session.patch723 byteskbahey
Members fund testing for the Drupal project. Drupal Association Learn more


kbahey’s picture

Version: 4.6.3 »
723 bytes

Here is a patch against HEAD.

kbahey’s picture

Status: Active » Reviewed & tested by the community
745 bytes

This is a simple fix that should go into HEAD before 4.7.

Here is the patch for today's HEAD.

dfg’s picture


Dries’s picture

Status: Reviewed & tested by the community » Fixed

Committed to HEAD and DRUPAL-4-6. Thanks.

Anonymous’s picture

Status: Fixed » Closed (fixed)