Log in from two different browsers, edit and save your account in one (don't change the password), and you become logged out in the other.

In user_save() there is this code:

    // If the password changed, delete all open sessions and recreate
    // the current one.
    if (isset($array['pass'])) {
      sess_destroy_uid($account->uid);
      sess_regenerate();
    }

However, when the user edit form is submitted, $array['pass'] is set (but empty), so the session is regenerated, even though the password doesn't change.

CommentFileSizeAuthor
user.module_73.patch648 bytesjohn morahan

Comments

drumm’s picture

drumm
he/him
Location NY, US
commented
Version: 5.2 » 6.x-dev
Status: Needs review » Reviewed & tested by the community

Committed to 5.x.

Applies to HEAD.

gábor hojtsy’s picture

gábor hojtsy
he/him
Primary language Hungarian
Location Hungary
commented
Status: Reviewed & tested by the community » Fixed

Thanks, committed!

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)