Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-68380

Chrome 80 cookies problem (SameSite)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 3.5.11, 3.6.9, 3.7.5, 3.8.2
    • Fix Version/s: None
    • Component/s: LTI provider
    • Labels:
    • Affected Branches:
      MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE

      Description

      Hello,

       

      we at 3ipunt have checked that the cookies are not being sent successfully in Chrome 80.

      We found the problem in LTI activities, but everything that requires a cookie could be affected too.

       

      This behaviour was introduced first in https://tracker.moodle.org/browse/MDL-67175

       

      Steps for reproducing the error:

      1 - Access a course

      2 - Create an external tool activity (LTI)

      3 - Select 'Embedded' as visualization type

      4 - Click in the activity

       

      Expected error:

      Moodle shows the login page of the provider LTI, instead of logging the user into the LTI provider.

       

      The cookies that are being sent are not marked with 'SameSite, Secure' flag so Chrome 80 rejects them.

       

      It has been tested in both 149 and 162 Chrome 80 version, working on 149, but not on 162.

       

      Cheers.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              xyulex Raúl Martínez
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: