=== modified file 'includes/session.inc' --- includes/session.inc 2008-11-11 16:49:37 +0000 +++ includes/session.inc 2008-11-17 16:25:21 +0000 @@ -66,7 +66,7 @@ function _sess_close() { * was found or the user is anonymous. */ function _sess_read($key) { - global $user; + global $user, $session_uid; // Write and Close handlers are called after destructing objects // since PHP 5.0.5. @@ -74,6 +74,7 @@ function _sess_read($key) { // So we are moving session closure before destructing objects. register_shutdown_function('session_write_close'); + $session_uid = 0; // Handle the case of first time visitors and clients that don't store // cookies (eg. web crawlers). if (!isset($_COOKIE[session_name()])) { @@ -94,6 +95,7 @@ function _sess_read($key) { $user->roles = array(); $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user'; $user->roles += db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = :uid", array(':uid' => $user->uid))->fetchAllKeyed(0, 1); + $session_uid = $user->uid; } // We didn't find the client's record (session has expired), or they // are an anonymous user. 
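Review bot: The new global `$session_uid` is introduced in `_sess_read()` without any comment saying what it represents or why it is kept apart from `$user->uid`. Since `_sess_write()` now trusts it as the owner of the session row, a line above `$session_uid = 0;` would make the contract explicit, for example `// uid that owns this session; unlike $user->uid it must not change when code temporarily swaps the global $user.` The assignment `$session_uid = $user->uid;` in the hunk at -94 sits in a block that begins outside the hunk, so the conditions guarding it (for example the account status) cannot be confirmed from here.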
@@ -122,21 +124,21 @@ function _sess_read($key) { * This function will always return TRUE. */ function _sess_write($key, $value) { - global $user; + global $user, $session_uid; - // If saving of session data is disabled or if the client doesn't have a session, - // and one isn't being created ($value), do nothing. This keeps crawlers out of - // the session table. This reduces memory and server load, and gives more useful - // statistics. We can't eliminate anonymous session table rows without breaking - // the "Who's Online" block. - if (!drupal_save_session() || ($user->uid == 0 && empty($_COOKIE[session_name()]) && empty($value))) { + // If the client doesn't have a session, and one isn't being created ($value), + // do nothing. This keeps crawlers out of the session table. This reduces + // memory and server load, and gives more useful statistics. We can't + // eliminate anonymous session table rows without breaking the + // "Who's Online" block. + if ($session_uid == 0 && empty($_COOKIE[session_name()]) && empty($value)) { return TRUE; } db_merge('sessions') ->key(array('sid' => $key)) ->fields(array( - 'uid' => $user->uid, + 'uid' => $session_uid, 'cache' => isset($user->cache) ? $user->cache : 0, 'hostname' => ip_address(), 'session' => $value, @@ -146,12 +148,12 @@ function _sess_write($key, $value) { // Last access time is updated no more frequently than once every 180 seconds. // This reduces contention in the users table. - if ($user->uid && REQUEST_TIME - $user->access > variable_get('session_write_interval', 180)) { + if ($session_uid && REQUEST_TIME - $user->access > variable_get('session_write_interval', 180)) { db_update('users') ->fields(array( 'access' => REQUEST_TIME )) - ->condition('uid', $user->uid) + ->condition('uid', $session_uid) ->execute(); } 
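Review bot: `_sess_write()` now stores `'uid' => $session_uid` but still takes `cache` and the last-access timestamp from the global `$user`, so when `$user` has been swapped to another account those values belong to a different user than the row being written. The same mismatch is in the hunk at -146, where `REQUEST_TIME - $user->access` decides whether to update the `access` column for `$session_uid`. Guarding the `$user`-derived parts on the two ids agreeing would keep them consistent, e.g. `if ($session_uid && $session_uid == $user->uid && REQUEST_TIME - $user->access > variable_get('session_write_interval', 180)) {`. With the `drupal_save_session()` check gone, `$value` is also written regardless of any swap, so session data changed while `$user` was swapped is presumably persisted to the real user's session; it is worth confirming that this is intended.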
@@ -242,25 +244,3 @@ function _sess_gc($lifetime) { ->execute(); return TRUE; } - -/** - * Determine whether to save session data of the current request. - * - * This function allows the caller to temporarily disable writing of - * session data, should the request end while performing potentially - * dangerous operations, such as manipulating the global $user object. - * See http://drupal.org/node/218104 for usage. - * - * @param $status - * Disables writing of session data when FALSE, (re-)enables - * writing when TRUE. - * @return - * FALSE if writing session data has been disabled. Otherwise, TRUE. - */ -function drupal_save_session($status = NULL) { - static $save_session = TRUE; - if (isset($status)) { - $save_session = $status; - } - return $save_session; -} === modified file 'modules/user/user.module' --- modules/user/user.module 2008-11-15 11:45:03 +0000 +++ modules/user/user.module 2008-11-17 16:21:50 +0000 @@ -1332,7 +1332,7 @@ function user_login_final_validate($form * A $user object, if successful. */ function user_authenticate($form_values = array()) { - global $user; + global $user, $session_uid; $password = trim($form_values['pass']); // Name and pass keys are required. @@ -1350,6 +1350,7 @@ function user_authenticate($form_values } $account = user_load(array('uid' => $account->uid, 'status' => 1)); $user = $account; + $session_uid = $user->uid; user_authenticate_finalize($form_values); return $user; }
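Review bot: In `user_authenticate()`, `$session_uid = $user->uid;` makes the session owner a second piece of state that has to be set by hand wherever the global `$user` is legitimately replaced. Any other login or logout path that assigns `$user` (none are visible in this diff) would leave `$session_uid` at its old value, and `_sess_write()` would then store that stale uid in the session row. A small helper that sets both together would make that harder to miss, or at least a comment here such as `// _sess_write() persists $session_uid, not $user->uid; update both on every real login or logout.` Whether `user_authenticate_finalize()` regenerates the session id after this assignment cannot be seen from this hunk and should be confirmed.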