8.5.x user.module user_login_finalize(UserInterface $account)
8.0.x user.module user_login_finalize(UserInterface $account)
8.1.x user.module user_login_finalize(UserInterface $account)
8.2.x user.module user_login_finalize(UserInterface $account)
8.3.x user.module user_login_finalize(UserInterface $account)
8.4.x user.module user_login_finalize(UserInterface $account)
8.6.x user.module user_login_finalize(UserInterface $account)
7.x user.module user_login_finalize(&$edit = array())

Finalizes the login process and logs in a user.

The function logs in the user, records a watchdog message about the new session, saves the login timestamp, calls hook_user_login(), and generates a new session.

The current user is replaced with the passed in account.

Parameters

\Drupal\user\UserInterface $account: The account to log in.

See also

hook_user_login()

3 calls to user_login_finalize()
install_finished in core/includes/install.core.inc
Performs final installation steps and displays a 'finished' page.
UserAuthenticationController::userLoginFinalize in core/modules/user/src/Controller/UserAuthenticationController.php
Finalizes the user login.
UserLoginForm::submitForm in core/modules/user/src/Form/UserLoginForm.php
Form submission handler.

File

core/modules/user/user.module, line 530
Enables the user registration and login system.

Code

function user_login_finalize(UserInterface $account) {
  \Drupal::currentUser()
    ->setAccount($account);
  \Drupal::logger('user')
    ->notice('Session opened for %name.', array(
    '%name' => $account
      ->getUsername(),
  ));

  // Update the user table timestamp noting user has logged in.
  // This is also used to invalidate one-time login links.
  $account
    ->setLastLoginTime(REQUEST_TIME);
  \Drupal::entityManager()
    ->getStorage('user')
    ->updateLastLoginTimestamp($account);

  // Regenerate the session ID to prevent against session fixation attacks.
  // This is called before hook_user_login() in case one of those functions
  // fails or incorrectly does a redirect which would leave the old session
  // in place.
  \Drupal::service('session')
    ->migrate();
  \Drupal::service('session')
    ->set('uid', $account
    ->id());
  \Drupal::moduleHandler()
    ->invokeAll('user_login', array(
    $account,
  ));
}

Comments

Sut3kh’s picture

Beware that users created programmatically are blocked by default and need to be activated first.
If you call this function on a blocked account it will silently fail! (and still log 'Session opened for...' in watchdog).

example:

<?php
$user = User::create([
  'name' => $username,
  'mail' => $email,
]);
$user->activate();// NOTE: login will fail silently if not activated!
$user->save();
user_login_finalize($user);