When a user is deleted by an administrator while he is browsing a drupal website immediately sees an error like this one

Fatal error: Duplicate entry '7ad0d1a0b4cbde4189cc4cdcacbef91a' for key 1 query: INSERT INTO sessions (sid, uid, hostname, timestamp) VALUES ('7ad0d1a0b4cbde4189cc4cdcacbef91a', 0, '81.188.68.15', 1126817172) in /www/drupal/includes/database.mysql.inc on line 66

This error will continue as long as his sid remains the same ... and the sessions table is not cleaned up (which might feel like "ages" for the deleted user).

This is caused by the user module not cleaning up the user session after a user has been deleted.

How to reproduce
1. Create a test user
2. Log in as test user and navigate (so a session is created)
3. In another browser, as administrator delete the test user
4. make one more click as test user ... and enjoy

Fix is easy
user.module around Line 1166
db_query('DELETE FROM {users} WHERE uid = %d', $account->uid);
db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
db_query('DELETE FROM {authmap} WHERE uid = %d', $account->uid);
+ db_query('DELETE FROM {sessions} WHERE uid = %d', $account->uid);
drupal_set_message(t('The account has been deleted.'));
module_invoke_all('user', 'delete', $edit, $account);
drupal_goto('admin/user');

Cheers,
-- Geert

Files: 
CommentFileSizeAuthor
#2 user-delete-session.patch745 byteskbahey
#1 user-session.patch723 byteskbahey

Comments

Version:4.6.3»
StatusFileSize
new723 bytes

Here is a patch against HEAD.

Status:Active» Reviewed & tested by the community
StatusFileSize
new745 bytes

This is a simple fix that should go into HEAD before 4.7.

Here is the patch for today's HEAD.

+1

Status:Reviewed & tested by the community» Fixed

Committed to HEAD and DRUPAL-4-6. Thanks.

Status:Fixed» Closed (fixed)