  1. Moodle
  2. MDL-50881

Calendar throws a moodle_exception when accessed by bots


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.8.6, 2.8.7, 2.9, 2.9.1
    • 2.8.8, 2.9.2
    • Calendar
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • wip-MDL-50881-master
    • Testing instructions:
      1. Disable cookies (pretend you are bot)
      2. Click on calendar month on the site home page
      3. Click on "Hide global events"
      4. Make sure there is no exception
      5. Enable cookies
      6. Click on calendar month on the site home page
      7. Click on "Hide global events"
      8. Make sure the eye becomes closed

    Description

      A calendar can be included on a page that does not require authentication. For example on the site front page, or a course that is open to the public. These pages can then be indexed by search bots, such as the Google Bot. Such bots do not accept session cookies.

      The calendar component contains links to the /calendar/set.php file. This file is used to set a session variable that indicates the user's preference for the type of events that they want to see on the calendar. This page calls the require_sesskey() function.

      If a site has a significant number of pages with a Calendar that are indexed by a bot, a significant number of the following errors are logged.

      Uncaught exception 'moodle_exception' with message 'Incorrect sesskey submitted, form not accepted'

      This is because the bot does not accept session cookies, and so the sesskey is invalid.

      If a site is using error monitoring / reporting software, the high error rate can cause false positive issues. If nothing else, the logs get spammed with error messages.

      EXPECTED OUTCOME

      No exception is thrown, and no error message is logged, when the /calendar/set.php file is accessed without a valid session key.

      ACTUAL OUTCOME

      The above exception is thrown and an error is output, when the /calendar/set.php file is accessed without a valid session key.
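
An added example, not Moodle's code and not the patch for this issue: one way a state-changing endpoint can meet the expected outcome above is to fail closed on a bad token without throwing, so the preference stays unchanged and no uncaught exception reaches the error log. The function names, filter names, session keys and return URL are hypothetical.

```php
<?php
// Added example: hypothetical names throughout, not Moodle's API.

// Constant-time check of the submitted token against the session's token.
function token_is_valid(array $session, array $query): bool {
    $expected = $session['sesskey'] ?? '';
    $given = $query['sesskey'] ?? '';
    return is_string($expected) && is_string($given)
        && $expected !== '' && hash_equals($expected, $given);
}

// Returns [status, location, session]; never throws on a bad token.
function handle_set_filter(array $session, array $query): array {
    $location = '/index.php';          // fixed, constructed return URL
    $allowed = ['global', 'course'];   // constructed filter names
    $filter = $query['filter'] ?? '';
    if (token_is_valid($session, $query) && in_array($filter, $allowed, true)) {
        // Only a request carrying the session's own token may flip the preference.
        $key = 'calendar_hide_' . $filter;
        $session[$key] = !($session[$key] ?? false);
    }
    // Invalid token: state untouched, same redirect, nothing for the error log.
    return [303, $location, $session];
}

// Constructed requests: a cookieless crawler following a link whose token
// belongs to an earlier session, then a user whose cookie was accepted.
$bot = handle_set_filter(
    ['sesskey' => 'freshRandom1'],
    ['sesskey' => 'fromCrawledLink', 'filter' => 'global']
);
$user = handle_set_filter(
    ['sesskey' => 'abc123XYZ'],
    ['sesskey' => 'abc123XYZ', 'filter' => 'global']
);

// The crawler's session gains no preference; the user's preference is toggled.
var_dump(isset($bot[2]['calendar_hide_global']));
var_dump($user[2]['calendar_hide_global']);
```

If rejected tokens still need to be visible to operations, counting them in a metric keeps that signal without filling the exception log.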

          People

            marina Marina Glancy
            techxplorer Corey Wallis
            Andrew Lyons Andrew Lyons
            David Monllaó David Monllaó
            John Okely John Okely
            Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze

            Dates

              Created:
              Updated:
              Resolved:
              14/Sep/15