Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-28280

remove obsolete $CFG->usesid

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.1
    • 2.2
    • Administration
    • None
    • MOODLE_21_STABLE
    • MOODLE_22_STABLE
    • w27_MDL-28280_m22_usesid
    • Hide

      Only code review could be necessary because it only consists of removing of one unsupported feature.

      3rd party code should not be affected, the only one function called from plugin code was added to deprecated file.

      Show
      Only code review could be necessary because it only consists of removing of one unsupported feature. 3rd party code should not be affected, the only one function called from plugin code was added to deprecated file.

    Description

      This was an experimental hack designed for the first generation of japanese smart phones that did not support sessions in built-in browser.

      Why remove?

      • it is a big security hole allowing session fixation attacks
      • all recent smart phones support sessions
      • buggy and unmaintained code
      • it was abused to work around site misconfiguration (Moodle 2.x actively prevents this now)
      • some people thought that it might help then with cookie privacy issues (wrong, session cookies are exception)

      I would really like to get this removed from 2.2 asap...

      Attachments

        Issue Links

          Activity

            People

              skodak Petr Skoda
              skodak Petr Skoda
              Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
              Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                5/Dec/11