Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-65434

Can break login page by cookie manipulation

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.5.6
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
    • Affected Branches:
      MOODLE_35_STABLE

      Description

      When on /login/index.php if the MoodleSession token is made invalid

      An infinite loop will occur where the site attempts to refresh to reattempt signin.
      However, it does not reset the MoodleSession token, hence it just loops.

      The only user rectification for this is to clear cookies.

      To recreate this,
      Goto /login/index.php eg: https://moodle2.richuish.ac.uk/login/index.php
      Then open console and type document.cookie="MoodleSession=gibberish"
      Upon refresh, the described loop will occur.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Jaminima Oscar Davies
              Participants:
              Component watchers:
              Jake Dallimore, Jun Pataleta, Ryan Wyllie
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: