diff --git a/admin/cron.php b/admin/cron.php
index 0b812304464a6..5382de471d84d 100644
--- a/admin/cron.php
+++ b/admin/cron.php
@@ -66,7 +66,7 @@
 
 
 /// emulate normal session
-    $USER = get_admin();      /// Temporarily, to provide environment for this script
+    session_set_user(get_admin());      /// Temporarily, to provide environment for this script
 
 /// ignore admins timezone, language and locale - use site deafult instead!
     $USER->timezone = $CFG->timezone;
diff --git a/auth/mnet/land.php b/auth/mnet/land.php
index 5008a2fa6f3f8..4dec821c89d07 100644
--- a/auth/mnet/land.php
+++ b/auth/mnet/land.php
@@ -33,8 +33,8 @@
 $localuser = $mnetauth->confirm_mnet_session($token, $remotewwwroot);
 
 // log in
-$USER = get_complete_user_data('id', $localuser->id, $localuser->mnethostid);
-complete_user_login($USER);
+$user = get_complete_user_data('id', $localuser->id, $localuser->mnethostid);
+complete_user_login($user);
 
 if (!empty($localuser->mnet_foreign_host_array)) {
     $USER->mnet_foreign_host_array = $localuser->mnet_foreign_host_array;
diff --git a/backup/lib.php b/backup/lib.php
index f8cc143570c5c..14772eff4f06e 100644
--- a/backup/lib.php
+++ b/backup/lib.php
@@ -615,7 +615,7 @@ function import_backup_file_silently($pathtofile,$destinationcourse,$emptyfirst=
         global $CFG,$SESSION,$USER, $DB; // is there such a thing on cron? I guess so..
         global $restore; // ick
         if (empty($USER)) {
-            $USER = get_admin();
+            session_set_user(get_admin());
             $USER->admin = 1; // not sure why, but this doesn't get set
         }
 
diff --git a/lib/adminlib.php b/lib/adminlib.php
index 8ac5a2397437b..f62b0dac722cf 100644
--- a/lib/adminlib.php
+++ b/lib/adminlib.php
@@ -1414,9 +1414,9 @@ function create_admin_user($user_input=NULL) {
 
             // Log the user in.
             set_config('rolesactive', 1);
-            $USER = get_complete_user_data('username', 'admin');
-            $USER->newadminuser = 1;
-            load_all_capabilities();
+            $user = get_complete_user_data('username', 'admin');
+            $user->newadminuser = 1;
+            complete_user_login($user);
 
             if (!defined('CLI_UPGRADE')||!CLI_UPGRADE) {
               redirect("$CFG->wwwroot/user/editadvanced.php?id=$user->id");  // Edit thyself
diff --git a/lib/sessionlib.php b/lib/sessionlib.php
index fe0c4488bc6d8..774e54d063b11 100644
--- a/lib/sessionlib.php
+++ b/lib/sessionlib.php
@@ -75,7 +75,7 @@ protected function check_user_initialised() {
                     $user = guest_user();
                 }
             }
-            if (!$user and !empty($_SERVER['HTTP_REFERER'])) {
+            if (!empty($CFG->guestloginbutton) and !$user and !empty($_SERVER['HTTP_REFERER'])) {
                 // automaticaly log in users coming from search engine results
                 if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false ) {
                     $user = guest_user();
diff --git a/lib/setup.php b/lib/setup.php
index 672b9e766f6ef..bf9e4ff3353ef 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -450,14 +450,17 @@ function stripslashes_deep($value) {
     // set default locale and themes - might be changed again later from require_login()
     course_setup();
 
-    if ($CFG->theme == 'standard' or $CFG->theme == 'standardwhite') {    // Temporary measure to help with XHTML validation
-        if (isset($_SERVER['HTTP_USER_AGENT']) and empty($USER->id)) {      // Allow W3CValidator in as user called w3cvalidator (or guest)
-            if ((strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false) or
-                (strpos($_SERVER['HTTP_USER_AGENT'], 'Cynthia') !== false )) {
-                if ($USER = get_complete_user_data("username", "w3cvalidator")) {
-                    $USER->ignoresesskey = true;
-                } else {
-                    $USER = guest_user();
+    if (!empty($CFG->guestloginbutton)) {
+        if ($CFG->theme == 'standard' or $CFG->theme == 'standardwhite') {    // Temporary measure to help with XHTML validation
+            if (isset($_SERVER['HTTP_USER_AGENT']) and empty($USER->id)) {      // Allow W3CValidator in as user called w3cvalidator (or guest)
+                if ((strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false) or
+                    (strpos($_SERVER['HTTP_USER_AGENT'], 'Cynthia') !== false )) {
+                    if ($user = get_complete_user_data("username", "w3cvalidator")) {
+                        $user->ignoresesskey = true;
+                    } else {
+                        $user = guest_user();
+                    }
+                    session_set_user($user);
                 }
             }
         }
diff --git a/login/confirm.php b/login/confirm.php
index 5e4a15e9a3e14..72f26f664a76b 100644
--- a/login/confirm.php
+++ b/login/confirm.php
@@ -44,11 +44,11 @@
 
             // The user has confirmed successfully, let's log them in
 
-            if (!$USER = get_complete_user_data('username', $username)) {
+            if (!$user = get_complete_user_data('username', $username)) {
                 print_error('cannotfinduser', '', '', $username);
             }
 
-            set_moodle_cookie($USER->username);
+            complete_user_login($user);
 
             if ( ! empty($SESSION->wantsurl) ) {   // Send them where they were going
                 $goto = $SESSION->wantsurl;
diff --git a/rss/file.php b/rss/file.php
index 362a350505555..d35bff474fd43 100644
--- a/rss/file.php
+++ b/rss/file.php
@@ -21,10 +21,8 @@
 
     $lifetime = 3600;  // Seconds for files to remain in caches - 1 hour
 
-    // hack for problems with concurrent use of NO_MOODLE_COOKIES and capabilities MDL-7243
+    // this is a big one big hack - NO_MOODLE_COOKIES is not compatible with capabilities MDL-7243
     // it should be replaced once we get to codes in urls 
-    $USER = new object();
-    $USER->id = 0;
 
     // disable moodle specific debug messages
     disable_debugging();