[#MDL-19026] Guest courses with both loginhttps and autologinguests enabled redirect to front page - Moodle Tracker

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.9
Fix Version/s: 2.0
Component/s: Authentication
Labels:
None

URL:
https://ecampus.nmit.ac.nz/moodle/course/view.php?id=1298
Affected Branches:
MOODLE_19_STABLE
Fixed Branches:
MOODLE_20_STABLE

Description

There seems to be a clash between loginhttps and autologinguests, which requires https guest course URLs to be visited twice before they work (the first time, you get redirected to the front page).

More Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

19026.diff

13/May/09 10:27 AM

2 kB

Gordon Anderson

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Gordon Anderson added a comment - 13/May/09 10:27 AM

Patch to allow guests to login to a course that permits guests, but using https to login as opposed to http

Show

Gordon Anderson added a comment - 13/May/09 10:27 AM Patch to allow guests to login to a course that permits guests, but using https to login as opposed to http

Hide

Permalink

Gordon Anderson added a comment - 13/May/09 10:36 AM

There were 3 separate issues that the previously attached diff resolves:

1) Autologin for guests was wired to http only
2) The redirection to https login now appends the loginguest parameter
3) A check is made to see if the URL to redirect to after login is part of the site. If it is not then after login the home page is shown. This was the the behaviour I was observing until I realised that the https version of the site URL was not being checked. The check in question was

strpos($SESSION->wantsurl, $CFG->wwwroot) === 0

If $SESSION->wantsurl is an https:// URL then this match will always fail.

Thanks

Gordon

Show

Gordon Anderson added a comment - 13/May/09 10:36 AM hi There were 3 separate issues that the previously attached diff resolves: 1) Autologin for guests was wired to http only 2) The redirection to https login now appends the loginguest parameter 3) A check is made to see if the URL to redirect to after login is part of the site. If it is not then after login the home page is shown. This was the the behaviour I was observing until I realised that the https version of the site URL was not being checked. The check in question was strpos($SESSION->wantsurl, $CFG->wwwroot) === 0 If $SESSION->wantsurl is an https:// URL then this match will always fail. Thanks Gordon

Hide

Permalink

Petr Škoda (skodak) added a comment - 12/Oct/10 7:54 PM

This should be finally fixed in 2.0dev, the new require_login() does not redirect any more.
Thank you for the report.

Petr Skoda

Show

Petr Škoda (skodak) added a comment - 12/Oct/10 7:54 PM This should be finally fixed in 2.0dev, the new require_login() does not redirect any more. Thank you for the report. Petr Skoda

People

Assignee:

Petr Škoda (skodak)

Reporter:

Jonathan Harker

Participants:

Gordon Anderson, Jonathan Harker, Petr Škoda (skodak)

Vote (0)

Watch (0)

Dates

Created:

30/Apr/09 11:56 AM

Updated:

17/Dec/10 12:53 PM

Resolved:

12/Oct/10 7:54 PM