Index: includes/session.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/session.inc,v
retrieving revision 1.28
diff -u -F^f -r1.28 session.inc
--- includes/session.inc	7 May 2006 00:08:36 -0000	1.28
+++ includes/session.inc	15 Aug 2006 07:46:54 -0000
@@ -17,39 +17,44 @@ function sess_close() {
 function sess_read($key) {
   global $user;
 
-  // retrieve data for a $user object
-  $result = db_query("SELECT sid FROM {sessions} WHERE sid = '%s'", $key);
-  if (!db_num_rows($result)) {
-    $result = db_query("SELECT u.* FROM {users} u WHERE u.uid = 0");
-  }
-  else {
-    $result = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key);
-  }
-
-  // Build $user object:
-  $user = db_fetch_object($result);
-  $user = drupal_unpack($user);
+  // Handle the case of first time visitors and clients that don't store cookies (eg. web crawlers).
+  if (!isset($_COOKIE[session_name()])) {
+    $user = drupal_anonymous_user();
+    return '';
+  }
+
+  // Otherwise, if the session is still active, we have a record of the client's session in the database.
+  $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key));
+
+  // We found the client's session record and they are an authenticated user
+  if ($user->uid > 0) {
+    // This is done to unserialize the data member of $user
+    $user = drupal_unpack($user);
 
-  // Add roles element to $user:
-  $user->roles = array();
-  if ($user->uid) {
+    // Add roles element to $user
+    $user->roles = array();
     $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
-
     $result = db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d", $user->uid);
     while ($role = db_fetch_object($result)) {
       $user->roles[$role->rid] = $role->name;
     }
   }
-  else {
-    $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
+  // We didn't find the client's record (session has expired), or they are an anonymous user.
+  else  {
+    $user = drupal_anonymous_user();
   }
 
-  return !empty($user->session) ? $user->session : '';
+  return $user->session;
 }
 
 function sess_write($key, $value) {
   global $user;
 
+  // If the client doesn't have a session, and one isn't being created ($value), do nothing.
+  if (empty($_COOKIE[session_name()]) && empty($value)) {
+    return TRUE;
+  }
+
   $result = db_query("SELECT sid FROM {sessions} WHERE sid = '%s'", $key);
 
   if (!db_num_rows($result)) {
@@ -87,5 +92,4 @@ function sess_gc($lifetime) {
   db_query("DELETE FROM {sessions} WHERE timestamp < %d", time() - $lifetime);
 
   return TRUE;
-}
-
+}
\ No newline at end of file
Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.113
diff -u -F^f -r1.113 bootstrap.inc
--- includes/bootstrap.inc	15 Aug 2006 05:16:23 -0000	1.113
+++ includes/bootstrap.inc	15 Aug 2006 07:46:54 -0000
@@ -611,6 +611,20 @@ function drupal_is_denied($type, $mask) 
 }
 
 /**
+ * Generates a default annonymous $user object.
+ *
+ * @return Object - the user object.
+ */
+function drupal_anonymous_user() {
+  $user = new stdClass();
+  $user->uid = 0;
+  $user->hostname = $_SERVER['REMOTE_ADDR'];
+  $user->roles = array();
+  $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
+  return $user;
+}
+
+/**
  * A string describing a phase of Drupal to load. Each phase adds to the
  * previous one, so invoking a later phase automatically runs the earlier
  * phases too. The most important usage is that if you want to access
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.653
diff -u -F^f -r1.653 user.module
--- modules/user/user.module	14 Aug 2006 20:35:11 -0000	1.653
+++ modules/user/user.module	15 Aug 2006 07:46:56 -0000
@@ -47,6 +47,13 @@ function user_load($array = array()) {
   $query = array();
   $params = array();
 
+  // don't go to the database if loading an anonymous user
+  if (isset($array['uid']) && $array['uid'] == 0) {
+    $user = drupal_anonymous_user();
+    user_module_invoke('load', $array, $user);
+    return $user;
+  }
+
   foreach ($array as $key => $value) {
     if ($key == 'uid' || $key == 'status') {
       $query[] = "$key = %d";
@@ -132,7 +139,6 @@ function user_save($account, $array = ar
     }
     $query .= "data = '%s' ";
     $v[] = serialize($data);
-
     db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));
 
     // Reload user roles if provided