-
Bug
-
Resolution: Fixed
-
Minor
-
1.6
-
None
-
IE7
-
MOODLE_16_STABLE
-
MOODLE_20_STABLE
If a learner using IE7 tries to login when IE is configured to block persistent cookies, she will fail since set_moodle_cookie() in moodlelib tries to write a persistent MOODLEID cookie and blocks access if this is not found. Other browser than IE will try to write a session cookie if persistent cookies are blocked by config.
IMHO moodle should in no way rely on persistent cookies, they should only be optional. MOODLEID for filling login form is IMHO obsolete for most users since form filling is a feature build in most browsers, where user or admin can configure it accordingly. This data should not be saved in a cookie.
As a workaround we changed cookie expiration in set_moodle_cookie() to zero, loosing MOODLEID functionality but unlocking IE7 users having set very convincing cookie treatment.
We also set MOODLEID cookie to $CFG->sessioncookiepath not to root. This is the reason why $CFG->sessioncookiepath was invented.
function set_moodle_cookie($thing) {
global $CFG;
if ($thing == 'guest')
{ // Ignore guest account return; }$cookiename = 'MOODLEID_'.$CFG->sessioncookie;
$days = 60;
$seconds = DAYSECS*$days;
setCookie($cookiename, '', 0, $CFG->sessioncookiepath);
setCookie($cookiename, rc4encrypt($thing), 0, $CFG->sessioncookiepath);
}
- has been marked as being related by
-
MDL-17754 Session improvements and related rewrites
- Closed