8.5.x user.module user_login_finalize(UserInterface $account)
8.0.x user.module user_login_finalize(UserInterface $account)
8.1.x user.module user_login_finalize(UserInterface $account)
8.2.x user.module user_login_finalize(UserInterface $account)
8.3.x user.module user_login_finalize(UserInterface $account)
8.4.x user.module user_login_finalize(UserInterface $account)
8.6.x user.module user_login_finalize(UserInterface $account)
7.x user.module user_login_finalize(&$edit = array())

Finalize the login process. Must be called when logging in a user.

The function records a watchdog message about the new session, saves the login timestamp, calls hook_user_login(), and generates a new session.


array $edit: The array of form values submitted by the user.

See also


2 calls to user_login_finalize()
install_configure_form_submit in includes/install.core.inc
Form submission handler for install_configure_form().
user_login_submit in modules/user/user.module
Submit handler for the login form. Load $user object and perform standard login tasks. The user is then redirected to the My Account page. Setting the destination in the query string overrides the redirect.


modules/user/user.module, line 2292
Enables the user registration and login system.


function user_login_finalize(&$edit = array()) {
  global $user;
  watchdog('user', 'Session opened for %name.', array(
    '%name' => $user->name,

  // Update the user table timestamp noting user has logged in.
  // This is also used to invalidate one-time login links.
  $user->login = REQUEST_TIME;
    'login' => $user->login,
    ->condition('uid', $user->uid)

  // Regenerate the session ID to prevent against session fixation attacks.
  // This is called before hook_user in case one of those functions fails
  // or incorrectly does a redirect which would leave the old session in place.
  user_module_invoke('login', $edit, $user);


juampynr’s picture

In Drupal 6 the function name is user_authenticate_finalize().

bbinkovitz’s picture

This is called from within user_login_submit() so if you use that, you don't need to also use this. Using this instead of user_login_submit() allows you to log in a user without a redirect to user/[uid].