When a user is deleted by an administrator while he is browsing a drupal website immediately sees an error like this one
Fatal error: Duplicate entry '7ad0d1a0b4cbde4189cc4cdcacbef91a' for key 1 query: INSERT INTO sessions (sid, uid, hostname, timestamp) VALUES ('7ad0d1a0b4cbde4189cc4cdcacbef91a', 0, '81.188.68.15', 1126817172) in /www/drupal/includes/database.mysql.inc on line 66
This error will continue as long as his sid remains the same ... and the sessions table is not cleaned up (which might feel like "ages" for the deleted user).
This is caused by the user module not cleaning up the user session after a user has been deleted.
How to reproduce
1. Create a test user
2. Log in as test user and navigate (so a session is created)
3. In another browser, as administrator delete the test user
4. make one more click as test user ... and enjoy
Fix is easy
user.module around Line 1166
db_query('DELETE FROM {users} WHERE uid = %d', $account->uid);
db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
db_query('DELETE FROM {authmap} WHERE uid = %d', $account->uid);
+ db_query('DELETE FROM {sessions} WHERE uid = %d', $account->uid);
drupal_set_message(t('The account has been deleted.'));
module_invoke_all('user', 'delete', $edit, $account);
drupal_goto('admin/user');
Cheers,
-- Geert
Comment | File | Size | Author |
---|---|---|---|
#2 | user-delete-session.patch | 745 bytes | kbahey |
#1 | user-session.patch | 723 bytes | kbahey |
Comments
Comment #1
kbahey CreditAttribution: kbahey commentedHere is a patch against HEAD.
Comment #2
kbahey CreditAttribution: kbahey commentedThis is a simple fix that should go into HEAD before 4.7.
Here is the patch for today's HEAD.
Comment #3
dfg CreditAttribution: dfg commented+1
Comment #4
Dries CreditAttribution: Dries commentedCommitted to HEAD and DRUPAL-4-6. Thanks.
Comment #5
(not verified) CreditAttribution: commented