drupal_session_regenerate
function drupal_session_regenerate
drupal_session_regenerate()
Called when an anonymous user becomes authenticated or vice-versa.
Related topics
File
- includes/session.inc, line 350
- User session handling functions.
Code
function drupal_session_regenerate() { global $user, $is_https; // Nothing to do if we are not allowed to change the session. if (!drupal_save_session()) { return; } if ($is_https && variable_get('https', FALSE)) { $insecure_session_name = substr(session_name(), 1); if (!isset($GLOBALS['lazy_session']) && isset($_COOKIE[$insecure_session_name])) { $old_insecure_session_id = $_COOKIE[$insecure_session_name]; } $params = session_get_cookie_params(); $session_id = drupal_random_key(); // If a session cookie lifetime is set, the session will expire // $params['lifetime'] seconds from the current request. If it is not set, // it will expire when the browser is closed. $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; setcookie($insecure_session_name, $session_id, $expire, $params['path'], $params['domain'], FALSE, $params['httponly']); $_COOKIE[$insecure_session_name] = $session_id; } if (drupal_session_started()) { $old_session_id = session_id(); } session_id(drupal_random_key()); if (isset($old_session_id)) { $params = session_get_cookie_params(); $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; setcookie(session_name(), session_id(), $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']); $fields = array('sid' => session_id()); if ($is_https) { $fields['ssid'] = session_id(); // If the "secure pages" setting is enabled, use the newly-created // insecure session identifier as the regenerated sid. if (variable_get('https', FALSE)) { $fields['sid'] = $session_id; } } db_update('sessions') ->fields($fields) ->condition($is_https ? 'ssid' : 'sid', $old_session_id) ->execute(); } elseif (isset($old_insecure_session_id)) { // If logging in to the secure site, and there was no active session on the // secure site but a session was active on the insecure site, update the // insecure session with the new session identifiers. db_update('sessions') ->fields(array('sid' => $session_id, 'ssid' => session_id())) ->condition('sid', $old_insecure_session_id) ->execute(); } else { // Start the session when it doesn't exist yet. // Preserve the logged in user, as it will be reset to anonymous // by _drupal_session_read. $account = $user; drupal_session_start(); $user = $account; } date_default_timezone_set(drupal_get_user_timezone()); }
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/includes!session.inc/function/drupal_session_regenerate/7.x