Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-43679

Clicking link to Moodle in MS Word results in "You are already logged in" message

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Open Microsoft Word
      2. Paste in a link to a page in your Moodle site which requires login to view (a course page for instance)
      3. Press enter or space to trigger the auto-hyperlinking
      4. Ctrl+click (as per tooltip) to open link in your browser
      5. If you aren't logged in to your Moodle site, log in
      6. Make sure that the page opened was the one you requested

      Regression part

      1. Using each of our supported browsers (and new session, so no active login)
      2. Open the link that copied in Word
      3. Make sure that you are automatically redirected to the login page, using an HTTP header redirection, not an HTML one. E.g. you should land straight on the login page
      Show
      Open Microsoft Word Paste in a link to a page in your Moodle site which requires login to view (a course page for instance) Press enter or space to trigger the auto-hyperlinking Ctrl+click (as per tooltip) to open link in your browser If you aren't logged in to your Moodle site, log in Make sure that the page opened was the one you requested Regression part Using each of our supported browsers (and new session, so no active login) Open the link that copied in Word Make sure that you are automatically redirected to the login page, using an HTTP header redirection, not an HTML one. E.g. you should land straight on the login page
    • Affected Branches:
      MOODLE_24_STABLE, MOODLE_25_STABLE, MOODLE_26_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE
    • Fixed Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-43679-master
    • Sprint:
      BACKEND Sprint 19
    • Issue size:
      Medium

      Description

      Microsoft Word performs a behind-the-scenes HTTP request when you ask it to open a hyperlink, in order to skip opening your browser if it points to a Word document (in which case it'll just open it directly). However, in doing so, it follows all redirects - and then passes the final URL to the browser upon determining that it's not a Word document.

      If you're already logged in to the Moodle site in question, this means you'll end up being taken to the login page (because Word isn't logged in to Moodle) which will then display a "You are already logged in" message. If you're not logged in, you'll be taken to the login page - but upon login you'll be taken to the home page rather than the page that the link points to, because Word has the session which had $SESSION->wantsurl set.

      Microsoft acknowledge this issue, but blame the rest of the world for it - suggesting that instead of correctly using HTTP redirects, you should return a 200 OK and use a meta-refresh and/or JavaScript redirect; see http://support.microsoft.com/kb/899927 for more detail.

      To compound matters, only recent versions of Word identify themselves - and even then, usually identify more generically as Office rather than Word. Even so, we should do our best to identify Word and prevent the login redirect so that the correct URL is passed to the browser. Note also that returning a status other than 200 OK (a 403 Forbidden, for instance) results in Word spitting out an error and failing to open the browser.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                14 Vote for this issue
                Watchers:
                23 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  12/Jan/15