Index: /branches/release-38/lib/MT/App/Comments.pm
===================================================================
--- /branches/release-38/lib/MT/App/Comments.pm (revision 2393)
+++ /branches/release-38/lib/MT/App/Comments.pm (revision 2403)
@@ -103,8 +103,7 @@
 # one already exists corresponding to the browser's session.
 #
-# Returns a pair ($session_key, $commenter) where $session_key is the
-# key to the MT::Session object (as well as the cookie value) and
-# $commenter is an MT::Author record. Both values are undef when no
-# session is active.
+# Returns a pair ($session_obj, $commenter) where $session_obj is
+# a MT::Session object and $commenter is an MT::Author record. Both
+# values are undef when no session is active.
 #
 sub _get_commenter_session {
@@ -153,5 +152,5 @@
 
     # session is valid!
-    return ( $session_key, $user );
+    return ( $sess_obj, $user );
 }
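Review bot: The first value returned by `_get_commenter_session` changes here from a session key string to an `MT::Session` object, but this commit only updates the call sites in this file. A caller elsewhere that still does `$session eq $sid` or `MT::Session->load($session)` would be working with a stringified object reference and would quietly stop matching, so the rest of the tree should be searched for remaining callers. I would also add a line to the header comment, for example `# The first value is the session object, not its key; use ->id for the cookie value.` The body of the sub begins outside this hunk, so how `$sess_obj` is populated is not visible here.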
 
@@ -860,6 +859,6 @@
     # validate session parameter
     if ( my $sid = $q->param('sid') ) {
-        my ( $session, $commenter ) = $app->_get_commenter_session();
-        if ( $session && $commenter && ( $session eq $sid ) ) {
+        my ( $sess_obj, $commenter ) = $app->_get_commenter_session();
+        if ( $sess_obj && $commenter && ( $sess_obj->id eq $sid ) ) {
             # well, everything is okay
         } else {
@@ -1233,7 +1232,7 @@
     my $nick  = $q->param('author');
     my $email = $q->param('email');
-    my ( $session, $commenter );
+    my ( $sess_obj, $commenter );
     if ( $blog->accepts_registered_comments ) {
-        ( $session, $commenter ) = $app->_get_commenter_session();
+        ( $sess_obj, $commenter ) = $app->_get_commenter_session();
     }
     if ( $commenter && ( 'do_reply' ne $app->mode ) ) {
@@ -1455,6 +1454,6 @@
     my $c;
     if ( $blog_id && $blog ) {
-        my ( $session, $commenter ) = $app->_get_commenter_session();
-        if ( $session && $commenter ) {
+        my ( $sessobj, $commenter ) = $app->_get_commenter_session();
+        if ( $sessobj && $commenter ) {
             my $blog_perms = $commenter->blog_perm($blog_id);
             my $banned = $commenter->is_banned($blog_id) ? "1" : "0";
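Review bot: The session variable is spelled `$sessobj` in this hunk but `$sess_obj` at every other call site the commit touches. The spelling presumably survives from the removed `my $sessobj = MT::Session->load( $session );` in the next hunk. Renaming it here and in `$sessobj->remove` in the next hunk, for example `my ( $sess_obj, $commenter ) = $app->_get_commenter_session();`, would keep the file searchable under one name.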
@@ -1462,5 +1461,4 @@
             $banned ||= 1 if $commenter->status == MT::Author::BANNED();
 
-            my $sessobj = MT::Session->load( $session );
             if ($banned) {
                 $sessobj->remove;
@@ -1746,5 +1744,5 @@
     my $app = shift;
 
-    my ( $session, $commenter ) = $app->_get_commenter_session();
+    my ( $sess_obj, $commenter ) = $app->_get_commenter_session();
     if ($commenter) {
         my $url;
@@ -1760,13 +1758,6 @@
         }
 
-        #require MT::Auth;
-        #my $ctx = MT::Auth->fetch_credentials( { app => $app } );
-        #my $cmntr_sess =
-        #  $app->session_user( $commenter, $ctx->{session_id},
-        #    permanent => $ctx->{permanent} );
-        #return $app->handle_error( $app->translate('Invalid login') )
-        #  unless $cmntr_sess;
-
         my $blog_id = $app->param('blog_id');
+        $app->{session} = $sess_obj;
         $app->user($commenter);
         my $param = {
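Review bot: `$app->{session} = $sess_obj;` writes the app's session slot directly, and nothing explains why now that the commented-out `session_user` block has been removed. Presumably the assignment makes `current_magic` and `validate_magic` use the commenter's session. A one-line comment such as `# use the commenter session for magic-token generation and validation` would record that. The same assignment appears in the next hunk and would take the same comment. The enclosing sub starts and ends outside this hunk.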
@@ -1791,30 +1782,17 @@
     my $q   = $app->param;
 
+    my ( $sess_obj, $cmntr ) = $app->_get_commenter_session();
+    return $app->handle_error( $app->translate('Invalid login') )
+        unless $cmntr;
+
     my %param =
       map { $_ => scalar( $q->param($_) ) }
-      qw( id name nickname email password pass_verify hint url entry_url return_url external_auth);
-
-    unless ( $param{id} =~ /\d+/ ) {
-        $param{error} = $app->translate('Invalid commenter ID');
-        return $app->build_page( 'profile.tmpl', \%param );
-    }
-
-    my $cmntr = MT::Author->load( $param{id} );
-    unless ($cmntr) {
-        $param{error} = $app->translate('Invalid commenter ID');
-        return $app->build_page( 'profile.tmpl', \%param );
-    }
+      qw( name nickname email password pass_verify hint url entry_url return_url external_auth);
 
     $param{ 'auth_mode_' . $cmntr->auth_type } = 1;
 
-    # require MT::Auth;
-    # my $ctx = MT::Auth->fetch_credentials( { app => $app } );
-    # my $cmntr_sess =
-    #  $app->session_user( $cmntr, $ctx->{session_id},
-    #    permanent => $ctx->{permanent} );
-    # return $app->handle_error( $app->translate('Invalid login') )
-    #  unless $cmntr_sess;
-
     $app->user($cmntr);
+    $app->{session} = $sess_obj;
+
     $app->validate_magic
       or return $app->handle_error( $app->translate('Invalid request') );
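Review bot: The new login guard tests only `$cmntr`, yet a few lines later `$sess_obj` is stored in `$app->{session}` and `validate_magic` runs. The other call sites in this commit require both values, so `unless $sess_obj && $cmntr;` would be consistent with them and would fail closed if the pair ever came back half-populated. Separately, the `qw(...)` list still copies `password` and `pass_verify` from the request into `%param`, which is later passed to `build_page( 'profile.tmpl', \%param )`. Whether the template echoes them is not visible here, but `delete @param{qw( password pass_verify )};` before rendering would rule it out. The sub starts and ends outside this hunk.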
@@ -1860,4 +1838,5 @@
         $app->make_commenter_session( $cmntr );
     }
+    $param{magic_token} = $app->current_magic;
 
     return $app->build_page( 'profile.tmpl', \%param );
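Review bot: `$param{magic_token}` is filled in only here, immediately before the final `build_page`. If the part of the sub outside this hunk has earlier returns that re-render `profile.tmpl` (for a validation error, say), the form would go out with an empty token and the next submit would fail `validate_magic`. Setting `$param{magic_token} = $app->current_magic;` right after the `validate_magic` check would cover every path. It is also worth confirming that `make_commenter_session` on the preceding lines does not replace the session that `$app->{session}` still points to, since the token rendered here could then belong to the old session.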
Index: /branches/release-38/tmpl/comment/profile.tmpl
===================================================================
--- /branches/release-38/tmpl/comment/profile.tmpl (revision 2136)
+++ /branches/release-38/tmpl/comment/profile.tmpl (revision 2403)
@@ -22,5 +22,4 @@
 <input type="hidden" name="__mode" value="save_profile" />
 <input type="hidden" name="magic_token" value="<mt:var name="magic_token">" />
-<input type="hidden" name="id" value="<mt:var name="id" escape="html">" />
 <input type="hidden" name="entry_url" value="<mt:var name="entry_url" escape="html">" />
 <input type="hidden" name="return_url" value="<mt:var name="return_url" escape="html">" />
