|
|
|
Environment:
|
Linux version 2.6.9-023stab046.2-enterprise ( root@rhel4-32) (gcc version 3.4.5 20051201 (Red Hat 3.4.5-2)) #1 SMP
Apache 2.2.3
PHP 5.2.6
Linux version 2.6.9-023stab046.2-enterprise ( root@rhel4-32) (gcc version 3.4.5 20051201 (Red Hat 3.4.5-2)) #1 SMP
Apache 2.2.3
PHP 5.2.6
|
|
The cookieless functionality of Moodle enabled by setting $CFG->usesid=true; appears to be broken.
We took care to make sure our php.ini follows the guidelines defined in http://docs.moodle.org/en/Cookieless_Sessions
Also there are no mod_security rules or other security systems in place.
Some of the URLs are correctly extended with the sesskey and MoodleSession parameters.
Most notably the "Turn Editing On" button within a course and most of the icons.
The vast majority of the links however is not edited and will lead a user without cookie support to be logged out.
From what we know so far the new moodle_url class introduced in 1.9 does not seem to be integrated with cookieless Moodle.
Unfortunately none of the people on our team are sophisticated PHP programmers so we can't fix it ourself.
|
|
Description
|
The cookieless functionality of Moodle enabled by setting $CFG->usesid=true; appears to be broken.
We took care to make sure our php.ini follows the guidelines defined in http://docs.moodle.org/en/Cookieless_Sessions
Also there are no mod_security rules or other security systems in place.
Some of the URLs are correctly extended with the sesskey and MoodleSession parameters.
Most notably the "Turn Editing On" button within a course and most of the icons.
The vast majority of the links however is not edited and will lead a user without cookie support to be logged out.
From what we know so far the new moodle_url class introduced in 1.9 does not seem to be integrated with cookieless Moodle.
Unfortunately none of the people on our team are sophisticated PHP programmers so we can't fix it ourself. |
Show » |
| There are no comments yet on this issue.
|
|
Bug
Open
Major
Cookieless Moodle Broken
