function user_login_finalize

Finalizes the login process and logs in a user.

The function logs in the user, records a watchdog message about the new session, saves the login timestamp, calls hook_user_login(), and generates a new session.

The current user is replaced with the passed in account.

Parameters

\Drupal\user\UserInterface $account: The account to log in.

See also

hook_user_login()

\Drupal\user\Authentication\Provider\Cookie

File

core/modules/user/user.module, line 457

Code

function user_login_finalize(UserInterface $account) {
  \Drupal::currentUser()->setAccount($account);
  \Drupal::logger('user')->notice('Session opened for %name.', [
    '%name' => $account->getAccountName(),
  ]);
  // Update the user table timestamp noting user has logged in.
  // This is also used to invalidate one-time login links.
  $account->setLastLoginTime(\Drupal::time()->getRequestTime());
  \Drupal::entityTypeManager()->getStorage('user')
    ->updateLastLoginTimestamp($account);
  // Regenerate the session ID to prevent against session fixation attacks.
  // This is called before hook_user_login() in case one of those functions
  // fails or incorrectly does a redirect which would leave the old session
  // in place.
  /** @var \Symfony\Component\HttpFoundation\Session\SessionInterface $session */
  $session = \Drupal::service('session');
  $session->migrate();
  $session->set('uid', $account->id());
  $session->set('check_logged_in', TRUE);
  \Drupal::moduleHandler()->invokeAll('user_login', [
    $account,
  ]);
}