Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-28631

forbid use of cookies especially from javascript

    Details

    • Story Points (Obsolete):
      40

      Description

      Our developers and theme designers keep smuggling in cookies, this is not compatible with $CFG->cookiehttponly and is against some privacy laws.

      Simply stop relying on cookies and if necessary use user preferences.

      Offenders:

      • admin roles UI
      • lib/cookies.js
      • scorm data model
      • repository
      • anomaly theme

      Solution:
      1/ educate integrators and developers - see MDL-17084 for ajax user preferences
      2/ fix the code
      3/ fix dev docs

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            skodak Petr Skoda added a comment -

            I am marking this as blocker because this has to be resolved before Moodle 2.3

            Show
            skodak Petr Skoda added a comment - I am marking this as blocker because this has to be resolved before Moodle 2.3
            Hide
            skodak Petr Skoda added a comment - - edited

            Adding integrators as watchers, please do not let any new code that uses cookies into the main git repo - the only exception is session cookie and optional permanent login username cookie.

            Show
            skodak Petr Skoda added a comment - - edited Adding integrators as watchers, please do not let any new code that uses cookies into the main git repo - the only exception is session cookie and optional permanent login username cookie.
            Hide
            skodak Petr Skoda added a comment -

            Adding repo folks too, please make sure that at least we do not introduce new cookies in new code.

            Show
            skodak Petr Skoda added a comment - Adding repo folks too, please make sure that at least we do not introduce new cookies in new code.
            Hide
            poltawski Dan Poltawski added a comment -
            Show
            poltawski Dan Poltawski added a comment - Related discussion: http://moodle.org/mod/forum/discuss.php?d=201558
            Hide
            gb2048 Gareth J Barnard added a comment -

            I understand the Cookie issue which is why I raised the discussion mentioned by Dan above. I also understand that I do use a Cookie to provide the functionality of remembering the state of the toggles in my course format on a per user per course basis - which is a 'functionality cookie' possibly category 3 under UK Cookie Law - hence I have updated my format to support user acceptance of this. However in the long term I would like to upgrade the format to use AJAX and transmit the state server site without hopefully taking up too much additional network traffic and space in the database - I understand the principles (and have done AJAX in Java server side and jQuery client side) - just need to understand how in PHP. Therefore to support solution point '1' could there be links, demonstrations etc. to help developers learn how to do AJAX in Moodle please? What is the best source of information for this technology?

            Cheers,

            Gareth

            Show
            gb2048 Gareth J Barnard added a comment - I understand the Cookie issue which is why I raised the discussion mentioned by Dan above. I also understand that I do use a Cookie to provide the functionality of remembering the state of the toggles in my course format on a per user per course basis - which is a 'functionality cookie' possibly category 3 under UK Cookie Law - hence I have updated my format to support user acceptance of this. However in the long term I would like to upgrade the format to use AJAX and transmit the state server site without hopefully taking up too much additional network traffic and space in the database - I understand the principles (and have done AJAX in Java server side and jQuery client side) - just need to understand how in PHP. Therefore to support solution point '1' could there be links, demonstrations etc. to help developers learn how to do AJAX in Moodle please? What is the best source of information for this technology? Cheers, Gareth
            Hide
            skodak Petr Skoda added a comment -

            Thanks, I have updated the description to link the original issue implementing the necessary api for setting of user preferences from Ajax, please grep the codebase for function names if you want to see examples.

            Show
            skodak Petr Skoda added a comment - Thanks, I have updated the description to link the original issue implementing the necessary api for setting of user preferences from Ajax, please grep the codebase for function names if you want to see examples.
            Hide
            gb2048 Gareth J Barnard added a comment -

            @Petr - Thank you

            Show
            gb2048 Gareth J Barnard added a comment - @Petr - Thank you

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated: