Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-28280

remove obsolete $CFG->usesid

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Fixed
    • Icon: Minor Minor
    • 2.2
    • 2.1
    • Administration
    • None
    • MOODLE_21_STABLE
    • MOODLE_22_STABLE
    • w27_MDL-28280_m22_usesid
    • Hide

      Only code review could be necessary because it only consists of removing of one unsupported feature.

      3rd party code should not be affected, the only one function called from plugin code was added to deprecated file.

      Show
      Only code review could be necessary because it only consists of removing of one unsupported feature. 3rd party code should not be affected, the only one function called from plugin code was added to deprecated file.

      This was an experimental hack designed for the first generation of japanese smart phones that did not support sessions in built-in browser.

      Why remove?

      • it is a big security hole allowing session fixation attacks
      • all recent smart phones support sessions
      • buggy and unmaintained code
      • it was abused to work around site misconfiguration (Moodle 2.x actively prevents this now)
      • some people thought that it might help then with cookie privacy issues (wrong, session cookies are exception)

      I would really like to get this removed from 2.2 asap...

            skodak Petr Skoda
            skodak Petr Skoda
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.