- Bugfix: when clean URLs are enabled, the cookie path was not always set correctly when the

user logged using the user block from within a subdirectory.  Patch by Ulf Rompe.

modules/user.module

@@ -510,7 +510,7 @@ function user_auth_help_links() {
 /*** User features *********************************************************/
 
 function user_login($edit = array(), $msg = "") {
-  global $user;
+  global $user, $base_url;
 
   /*
   ** If we are already logged on, go to the user page instead.
@@ -591,11 +591,12 @@ function user_login($edit = array(), $msg = "") {
       ** that the session won't expire.
       */
 
+      $path = preg_replace("/.+\/\/[^\/]+(.*)/", "\$1/", $base_url);
       if ($edit["remember_me"]) {
-        setcookie(session_name(), session_id(), time() + 3600 * 24 * 365);
+        setcookie(session_name(), session_id(), time() + 3600 * 24 * 365, $path);
       }
       else {
-        setcookie(session_name(), session_id());
+        setcookie(session_name(), session_id(), FALSE, $path);
       }
 
       /*

modules/user/user.module

@@ -510,7 +510,7 @@ function user_auth_help_links() {
 /*** User features *********************************************************/
 
 function user_login($edit = array(), $msg = "") {
-  global $user;
+  global $user, $base_url;
 
   /*
   ** If we are already logged on, go to the user page instead.
@@ -591,11 +591,12 @@ function user_login($edit = array(), $msg = "") {
       ** that the session won't expire.
       */
 
+      $path = preg_replace("/.+\/\/[^\/]+(.*)/", "\$1/", $base_url);
       if ($edit["remember_me"]) {
-        setcookie(session_name(), session_id(), time() + 3600 * 24 * 365);
+        setcookie(session_name(), session_id(), time() + 3600 * 24 * 365, $path);
       }
       else {
-        setcookie(session_name(), session_id());
+        setcookie(session_name(), session_id(), FALSE, $path);
       }
 
       /*