=== modified file 'includes/session.inc' --- includes/session.inc 2008-11-11 16:49:37 +0000 +++ includes/session.inc 2008-11-17 16:17:12 +0000 @@ -66,7 +66,7 @@ function _sess_close() { * was found or the user is anonymous. */ function _sess_read($key) { - global $user; + global $user, $session_uid; // Write and Close handlers are called after destructing objects // since PHP 5.0.5. @@ -74,6 +74,7 @@ function _sess_read($key) { // So we are moving session closure before destructing objects. register_shutdown_function('session_write_close'); + $session_uid = 0; // Handle the case of first time visitors and clients that don't store // cookies (eg. web crawlers). if (!isset($_COOKIE[session_name()])) { @@ -94,6 +95,7 @@ function _sess_read($key) { $user->roles = array(); $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user'; $user->roles += db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = :uid", array(':uid' => $user->uid))->fetchAllKeyed(0, 1); + $session_uid = $user->uid; } // We didn't find the client's record (session has expired), or they // are an anonymous user. @@ -122,14 +124,14 @@ function _sess_read($key) { * This function will always return TRUE. */ function _sess_write($key, $value) { - global $user; + global $user, $session_uid; - // If saving of session data is disabled or if the client doesn't have a session, - // and one isn't being created ($value), do nothing. This keeps crawlers out of - // the session table. This reduces memory and server load, and gives more useful - // statistics. We can't eliminate anonymous session table rows without breaking - // the "Who's Online" block. - if (!drupal_save_session() || ($user->uid == 0 && empty($_COOKIE[session_name()]) && empty($value))) { + // If the client doesn't have a session, and one isn't being created ($value), + // do nothing. This keeps crawlers out of the session table. This reduces + // memory and server load, and gives more useful statistics. We can't + // eliminate anonymous session table rows without breaking the + // "Who's Online" block. + if ($user->uid == 0 && empty($_COOKIE[session_name()]) && empty($value)) { return TRUE; } @@ -242,25 +244,3 @@ function _sess_gc($lifetime) { ->execute(); return TRUE; } - -/** - * Determine whether to save session data of the current request. - * - * This function allows the caller to temporarily disable writing of - * session data, should the request end while performing potentially - * dangerous operations, such as manipulating the global $user object. - * See http://drupal.org/node/218104 for usage. - * - * @param $status - * Disables writing of session data when FALSE, (re-)enables - * writing when TRUE. - * @return - * FALSE if writing session data has been disabled. Otherwise, TRUE. - */ -function drupal_save_session($status = NULL) { - static $save_session = TRUE; - if (isset($status)) { - $save_session = $status; - } - return $save_session; -} === modified file 'modules/user/user.module' --- modules/user/user.module 2008-11-15 11:45:03 +0000 +++ modules/user/user.module 2008-11-17 16:17:52 +0000 @@ -1332,7 +1332,7 @@ function user_login_final_validate($form * A $user object, if successful. */ function user_authenticate($form_values = array()) { - global $user; + global $user, $session_uid; $password = trim($form_values['pass']); // Name and pass keys are required.