1 files changed, 40 insertions, 0 deletions

diff --git a/includes/update.inc b/includes/update.inc
index 958e2477f..30cfffdbd 100644
--- a/includes/update.inc
+++ b/includes/update.inc
@@ -156,6 +156,15 @@ function update_prepare_d7_bootstrap() {
       ),
     );
     update_extra_requirements($requirements);
+
+    // Allow a D6 session to work, since the upgrade has not been performed yet.
+    $d6_session_name = update_get_d6_session_name();
+    if (!empty($_COOKIE[$d6_session_name])) {
+      // Set the current sid to the one found in the D6 cookie.
+      $sid = $_COOKIE[$d6_session_name];
+      $_COOKIE[session_name()] = $sid;
+      session_id($sid);
+    }
   }
 
   // Create the registry tables.
@@ -829,6 +838,37 @@ function update_parse_db_url($db_url, $db_prefix) {
 }
 
 /**
+ * Constructs a session name compatible with a D6 environment.
+ *
+ * @return
+ *   D6-compatible session name string.
+ *
+ * @see drupal_settings_initialize()
+ */
+function update_get_d6_session_name() {
+  global $base_url, $cookie_domain;
+  $cookie_secure = ini_get('session.cookie_secure');
+
+  // If a custom cookie domain is set in settings.php, that variable forms
+  // the basis of the session name. Re-compute the D7 hashing method to find
+  // out if $cookie_domain was used as the session name.
+  if (($cookie_secure ? 'SSESS' : 'SESS') . substr(hash('sha256', $cookie_domain), 0, 32) == session_name()) {
+    $session_name = $cookie_domain;
+  }
+  else {
+    // Otherwise use $base_url as session name, without the protocol
+    // to use the same session identifiers across http and https.
+    list( , $session_name) = explode('://', $base_url, 2);
+  }
+
+  if ($cookie_secure) {
+    $session_name .= 'SSL';
+  }
+
+  return 'SESS' . md5($session_name);
+}
+
+/**
  * Perform one update and store the results for display on finished page.
  *
  * If an update function completes successfully, it should return a message