function user_login_finalize
Same name in other branches
- 7.x modules/user/user.module \user_login_finalize()
- 9 core/modules/user/user.module \user_login_finalize()
- 8.9.x core/modules/user/user.module \user_login_finalize()
- 10 core/modules/user/user.module \user_login_finalize()
Finalizes the login process and logs in a user.
The function logs in the user, records a watchdog message about the new session, saves the login timestamp, calls hook_user_login(), and generates a new session.
The current user is replaced with the passed in account.
Parameters
\Drupal\user\UserInterface $account: The account to log in.
See also
\Drupal\user\Authentication\Provider\Cookie
5 calls to user_login_finalize()
- install_finished in core/
includes/ install.core.inc - Performs final installation steps and displays a 'finished' page.
- RegisterForm::save in core/
modules/ user/ src/ RegisterForm.php - Form submission handler for the 'save' action.
- UserAuthenticationController::userLoginFinalize in core/
modules/ user/ src/ Controller/ UserAuthenticationController.php - Finalizes the user login.
- UserController::resetPassLogin in core/
modules/ user/ src/ Controller/ UserController.php - Validates user, hash, and timestamp; logs the user in if correct.
- UserLoginForm::submitForm in core/
modules/ user/ src/ Form/ UserLoginForm.php - Form submission handler.
File
-
core/
modules/ user/ user.module, line 218
Code
function user_login_finalize(UserInterface $account) {
\Drupal::currentUser()->setAccount($account);
\Drupal::logger('user')->info('Session opened for %name.', [
'%name' => $account->getAccountName(),
]);
// Update the user table timestamp noting user has logged in.
// This is also used to invalidate one-time login links.
$account->setLastLoginTime(\Drupal::time()->getRequestTime());
\Drupal::entityTypeManager()->getStorage('user')
->updateLastLoginTimestamp($account);
// Regenerate the session ID to prevent against session fixation attacks.
// This is called before hook_user_login() in case one of those functions
// fails or incorrectly does a redirect which would leave the old session
// in place.
/** @var \Symfony\Component\HttpFoundation\Session\SessionInterface $session */
$session = \Drupal::service('session');
$session->migrate();
$session->set('uid', $account->id());
$session->set('check_logged_in', TRUE);
\Drupal::moduleHandler()->invokeAll('user_login', [
$account,
]);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.