function user_login_finalize

Same name and namespace in other branches
  1. 7.x modules/user/user.module \user_login_finalize()
  2. 9 core/modules/user/user.module \user_login_finalize()
  3. 8.9.x core/modules/user/user.module \user_login_finalize()
  4. 10 core/modules/user/user.module \user_login_finalize()

Finalizes the login process and logs in a user.

The function logs in the user, records a watchdog message about the new session, saves the login timestamp, calls hook_user_login(), and generates a new session.

The current user is replaced with the passed in account.

Parameters

\Drupal\user\UserInterface $account: The account to log in.

See also

hook_user_login()

\Drupal\user\Authentication\Provider\Cookie

5 calls to user_login_finalize()
install_finished in core/includes/install.core.inc
Performs final installation steps and displays a 'finished' page.
RegisterForm::save in core/modules/user/src/RegisterForm.php
Form submission handler for the 'save' action.
UserAuthenticationController::userLoginFinalize in core/modules/user/src/Controller/UserAuthenticationController.php
Finalizes the user login.
UserController::resetPassLogin in core/modules/user/src/Controller/UserController.php
Validates user, hash, and timestamp; logs the user in if correct.
UserLoginForm::submitForm in core/modules/user/src/Form/UserLoginForm.php
Form submission handler.

File

core/modules/user/user.module, line 400

Code

function user_login_finalize(UserInterface $account) {
    \Drupal::currentUser()->setAccount($account);
    \Drupal::logger('user')->info('Session opened for %name.', [
        '%name' => $account->getAccountName(),
    ]);
    // Update the user table timestamp noting user has logged in.
    // This is also used to invalidate one-time login links.
    $account->setLastLoginTime(\Drupal::time()->getRequestTime());
    \Drupal::entityTypeManager()->getStorage('user')
        ->updateLastLoginTimestamp($account);
    // Regenerate the session ID to prevent against session fixation attacks.
    // This is called before hook_user_login() in case one of those functions
    // fails or incorrectly does a redirect which would leave the old session
    // in place.
    
    /** @var \Symfony\Component\HttpFoundation\Session\SessionInterface $session */
    $session = \Drupal::service('session');
    $session->migrate();
    $session->set('uid', $account->id());
    $session->set('check_logged_in', TRUE);
    \Drupal::moduleHandler()->invokeAll('user_login', [
        $account,
    ]);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.