- Patch #477944 by Damien Tournoud: fix and streamline page cache and session handling.

1 files changed, 3 insertions, 1 deletions

diff --git a/modules/user/user.module b/modules/user/user.module
index 460d6858e..089f121ab 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1715,10 +1715,12 @@ function user_authenticate_finalize(&$edit) {
     ->fields(array('login' => $user->login))
     ->condition('uid', $user->uid)
     ->execute();
+
   // Regenerate the session ID to prevent against session fixation attacks.
   // This is called before hook_user in case one of those functions fails
   // or incorrectly does a redirect which would leave the old session in place.
   drupal_session_regenerate();
+
   user_module_invoke('login', $edit, $user);
 }
 
@@ -2482,7 +2484,7 @@ function user_build_filter_query(SelectQuery $query) {
   $filters = user_filters();
 
   // Extend Query with filter conditions.
-  foreach ($_SESSION['user_overview_filter'] as $filter) {
+  foreach (isset($_SESSION['user_overview_filter']) ? $_SESSION['user_overview_filter'] : array() as $filter) {
     list($key, $value) = $filter;
     // This checks to see if this permission filter is an enabled permission for
     // the authenticated role. If so, then all users would be listed, and we can