From 492a55e7f2df2cb17835be5ee59eeda764eb2173 Mon Sep 17 00:00:00 2001
From: Petr Skoda <skodak@moodle.org>
Date: Thu, 26 Aug 2010 17:19:09 +0000
Subject: [PATCH] MDL-23949 fixed use of invalid $USER before linked to session

---
 lib/sessionlib.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/lib/sessionlib.php b/lib/sessionlib.php
index c863583d8cf..998e90b7b0b 100644
--- a/lib/sessionlib.php
+++ b/lib/sessionlib.php
@@ -758,13 +758,12 @@ function session_gc() {
  * @return string
  */
 function sesskey() {
-    global $USER;
-
-    if (empty($USER->sesskey)) {
-        $USER->sesskey = random_string(10);
+    // note: do not use $USER because it may not be initialised yet
+    if (empty($_SESSION['USER']->sesskey)) {
+        $_SESSION['USER']->sesskey = random_string(10);
     }
 
-    return $USER->sesskey;
+    return $_SESSION['USER']->sesskey;
 }
 
 
-- 
2.17.1