Drupal 7.98 added caching for session IDs (see https://www.drupal.org/node/3364841 → ) but this module calls the PHP function session_id() and not the new function drupal_session_id() to populate masquerade.sid. This would be fine, except that masquerade_cron() joins this table against sessions.sid, which will no longer be the same, meaning stale entries (created by users not switching back to their original uid) will never be cleaned up.
Note: dropping the masquerade table using the patch in #1926074: Remove {masquerade} table and rely on session flag only → will also solve this issue.
With D7.98 masquerade as a user, then close your browser. Wait for your session to expire, run cron, and you will see a stale entry in the masquerade table.
Always call drupal_session_id() when this function exists, instead of session_id().
Write the patch :)
None.
None.
None.
Needs review
1.0
Code