Index: includes/session.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/session.inc,v retrieving revision 1.28 diff -u -F^f -r1.28 session.inc --- includes/session.inc 7 May 2006 00:08:36 -0000 1.28 +++ includes/session.inc 14 Aug 2006 14:08:32 -0000 @@ -17,39 +17,44 @@ function sess_close() { function sess_read($key) { global $user; - // retrieve data for a $user object - $result = db_query("SELECT sid FROM {sessions} WHERE sid = '%s'", $key); - if (!db_num_rows($result)) { - $result = db_query("SELECT u.* FROM {users} u WHERE u.uid = 0"); - } - else { - $result = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key); - } - - // Build $user object: - $user = db_fetch_object($result); - $user = drupal_unpack($user); + // Handle the case of first time visitors and clients that don't store cookies (eg. web crawlers). + if (!isset($_COOKIE[session_name()])) { + $user = drupal_anonymous_user(); + return ''; + } + + // Otherwise, if the session is still active, we have a record of the client's session in the database. + $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key)); + + // We found the client's session record and they are an authenticated user + if ($user->uid > 0) { + // This is done to unserialize the data member of $user + $user = drupal_unpack($user); - // Add roles element to $user: - $user->roles = array(); - if ($user->uid) { + // Add roles element to $user + $user->roles = array(); $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user'; - $result = db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d", $user->uid); while ($role = db_fetch_object($result)) { $user->roles[$role->rid] = $role->name; } } - else { - $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user'; + // We didn't find the client's record (session has expired), or they are an anonymous user. + else { + $user = drupal_anonymous_user(); } - return !empty($user->session) ? $user->session : ''; + return $user->session; } function sess_write($key, $value) { global $user; + // If the client doesn't have a session, and one isn't being created ($value), do nothing. + if (empty($_COOKIE[session_name()]) && empty($value)) { + return TRUE; + } + $result = db_query("SELECT sid FROM {sessions} WHERE sid = '%s'", $key); if (!db_num_rows($result)) { @@ -89,3 +94,11 @@ function sess_gc($lifetime) { return TRUE; } +function drupal_anonymous_user() { + $user = new stdClass(); + $user->uid = 0; + $user->hostname = $_SERVER['REMOTE_ADDR']; + $user->roles = array(); + $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user'; + return $user; +} \ No newline at end of file Index: modules/user/user.module =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.module,v retrieving revision 1.652 diff -u -F^f -r1.652 user.module --- modules/user/user.module 14 Aug 2006 06:53:57 -0000 1.652 +++ modules/user/user.module 14 Aug 2006 14:08:34 -0000 @@ -47,6 +47,13 @@ function user_load($array = array()) { $query = array(); $params = array(); + // don't go to the database if loading an anonymous user + if (isset($array['uid']) && $array['uid'] == 0) { + $user = drupal_anonymous_user(); + user_module_invoke('load', $array, $user); + return $user; + } + foreach ($array as $key => $value) { if ($key == 'uid' || $key == 'status') { $query[] = "$key = %d"; @@ -132,7 +139,6 @@ function user_save($account, $array = ar } $query .= "data = '%s' "; $v[] = serialize($data); - db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid))); // Reload user roles if provided