Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-31248

Change in rc4encrypt key is causing cookies encrypted before the change to produce garbage text

XMLWordPrintable

    • MOODLE_19_STABLE, MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • MOODLE_19_STABLE, MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • wip-MDL-31248-master-v3
    • Hide

      Removing the proposed workaround. Sorry, I thought this was a newly introduced setting, but it was not.

      Show
      Removing the proposed workaround. Sorry, I thought this was a newly introduced setting, but it was not.
    • Hide

      1) Start with a fresh install of an old version (eg 1.9.14).
      2) Log out and log in a few times.
      3) Upgrade to the current version (pre-patch) logout and observe the garbled characters. Log back in.
      4) Install the patch.

      [TEST] When you log into the site the username field should be blank, or it may possibly have your login details (depends on the browser). Make sure that there is no garbled text.

      Show
      1) Start with a fresh install of an old version (eg 1.9.14). 2) Log out and log in a few times. 3) Upgrade to the current version (pre-patch) logout and observe the garbled characters. Log back in. 4) Install the patch. [TEST] When you log into the site the username field should be blank, or it may possibly have your login details (depends on the browser). Make sure that there is no garbled text.

      The fix for MDL-28948 (changing the rc4encrypt key for moodle cookies) is causing the prepopulated username field in the login form to display garbage when a moodle cookie exists from a previous moodle version. So this will occur for the first visit to the site on any browser with the cookie saved after the last moodle upgrade.

      To prevent the previous cookie being misread (as the encryption key will have now changed), I suggest appending the cookie name with "_V2" (hat tip to Matt Clarkson for the suggestion).

            abgreeve Adrian Greeve
            sry_not4sale Aaron Barnes
            Ankit Agarwal Ankit Agarwal
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Rajesh Taneja Rajesh Taneja
            Votes:
            6 Vote for this issue
            Watchers:
            17 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.