之后的线上和之后的线
我正在尝试将我们的自定义代码脱离核心。
在此功能中,我捕获了旧的会话ID来更新用户在未登录时可能正在处理的项目。
function user_authenticate_finalize(&$edit) {
global $user;
watchdog('user', 'Session opened for %name.', array('%name' => $user->name));
// Update the user table timestamp noting user has logged in.
// This is also used to invalidate one-time login links.
$user->login = time();
db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid);
$old_session_id = session_id(); //THIS LINE NEEDS TO BE MOVED
// Regenerate the session ID to prevent against session fixation attacks.
sess_regenerate();
tf_user_new_session_id($user, $old_session_id); //THIS LINE NEEDS TO BE MOVED
user_module_invoke('login', $edit, $user);
}
在 sess_regenerate();
据我所知,您必须编写自己的登录过程才能在D6中干净地完成此操作。我可能会做一个hook_form_alter(),然后用我自己的登录表上的提交处理程序替换。
function tf_user_user($op, &$edit, &$account, $category = NULL)
{
$current_session = session_id();
if ('login' == $op)
{
setcookie('session_id_anonymous', $current_session, time() + 86400);
}
if ('load' == $op)
{
if (isset($_COOKIE['session_id_anonymous']) && $_COOKIE['session_id_anonymous'] != $current_session)
{
tf_user_new_session_id($account->uid, $_COOKIE['session_id_anonymous'], $current_session);
setcookie('session_id_anonymous', $current_session, time() - 3600);
}
}
//more code
}