Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-10137

Login problems in IE7 when persistent cookies are not allowed

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 2.0
    • 1.6
    • Authentication
    • None
    • IE7
    • MOODLE_16_STABLE
    • MOODLE_20_STABLE

      If a learner using IE7 tries to login when IE is configured to block persistent cookies, she will fail since set_moodle_cookie() in moodlelib tries to write a persistent MOODLEID cookie and blocks access if this is not found. Other browser than IE will try to write a session cookie if persistent cookies are blocked by config.
      IMHO moodle should in no way rely on persistent cookies, they should only be optional. MOODLEID for filling login form is IMHO obsolete for most users since form filling is a feature build in most browsers, where user or admin can configure it accordingly. This data should not be saved in a cookie.

      As a workaround we changed cookie expiration in set_moodle_cookie() to zero, loosing MOODLEID functionality but unlocking IE7 users having set very convincing cookie treatment.

      We also set MOODLEID cookie to $CFG->sessioncookiepath not to root. This is the reason why $CFG->sessioncookiepath was invented.

      function set_moodle_cookie($thing) {
      global $CFG;

      if ($thing == 'guest')

      { // Ignore guest account return; }

      $cookiename = 'MOODLEID_'.$CFG->sessioncookie;

      $days = 60;
      $seconds = DAYSECS*$days;

      setCookie($cookiename, '', 0, $CFG->sessioncookiepath);
      setCookie($cookiename, rc4encrypt($thing), 0, $CFG->sessioncookiepath);
      }

            skodak Petr Skoda
            pallifons Alfred Kohnert
            Nobody Nobody
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.