When a user is deleted by an administrator while he is browsing a drupal website immediately sees an error like this one

Fatal error: Duplicate entry '7ad0d1a0b4cbde4189cc4cdcacbef91a' for key 1 query: INSERT INTO sessions (sid, uid, hostname, timestamp) VALUES ('7ad0d1a0b4cbde4189cc4cdcacbef91a', 0, '81.188.68.15', 1126817172) in /www/drupal/includes/database.mysql.inc on line 66

This error will continue as long as his sid remains the same ... and the sessions table is not cleaned up (which might feel like "ages" for the deleted user).

This is caused by the user module not cleaning up the user session after a user has been deleted.

How to reproduce
1. Create a test user
2. Log in as test user and navigate (so a session is created)
3. In another browser, as administrator delete the test user
4. make one more click as test user ... and enjoy

Fix is easy
user.module around Line 1166
db_query('DELETE FROM {users} WHERE uid = %d', $account->uid);
db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
db_query('DELETE FROM {authmap} WHERE uid = %d', $account->uid);
+ db_query('DELETE FROM {sessions} WHERE uid = %d', $account->uid);
drupal_set_message(t('The account has been deleted.'));
module_invoke_all('user', 'delete', $edit, $account);
drupal_goto('admin/user');

Cheers,
-- Geert

CommentFileSizeAuthor
#2 user-delete-session.patch745 byteskbahey
#1 user-session.patch723 byteskbahey
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

kbahey’s picture

Version: 4.6.3 »
FileSize
723 bytes

Here is a patch against HEAD.

kbahey’s picture

Status: Active » Reviewed & tested by the community
FileSize
745 bytes

This is a simple fix that should go into HEAD before 4.7.

Here is the patch for today's HEAD.

dfg’s picture

+1

Dries’s picture

Status: Reviewed & tested by the community » Fixed

Committed to HEAD and DRUPAL-4-6. Thanks.

Anonymous’s picture

Status: Fixed » Closed (fixed)