Moodle / MDL-81897

Incorrect handling of partitioned cookies is preventing the mobile app from using the "embedded browser" authentication method.


    • MOODLE_402_STABLE, MOODLE_403_STABLE, MOODLE_404_STABLE
    • MOODLE_401_STABLE, MOODLE_402_STABLE, MOODLE_403_STABLE, MOODLE_404_STABLE
    • MDL-81897-401
    • MDL-81897-403
    • MDL-81897-404
    • MDL-81897-master
      Prerequisite
      1. Moodle mobile app installed on an Android and an iOS device (if possible).
      2. Your Moodle mobile app should be able to connect to your Moodle website using HTTPS. You can do either of the following:
        • Ensure that the phone with the mobile app and the web server are on the same network, or
        • Expose the web server over the internet via ngrok.
      Test
      1. As an admin, enable “Web services for mobile devices” on Site administration > Advanced features
      2. As an admin, ensure that Secure cookies are enabled on Site administration > General > Security > HTTP Security
      3. Go to Site administration > General > Mobile app authentication and select "Via an embedded browser" in "Type of login"
      4. Open the mobile app on your devices, type your site URL and confirm that:
        • The authentication process is launched in a browser embedded in the site and that you are able to log in

      The problem occurs only when the login process happens in the app's embedded browser (also known as in-app browser). The launch.php script starts a session, creating a non-partitioned cookie (the cookie is created partitioned because the embedded browser User Agent contains MoodleMobile and we enforce partitioned cookies in these scenarios), while the rest of the process sets partitioned cookies once the user is authenticated. This leads to the user not being able to log in.

      To address this issue, there are two options:

      1. Avoid using partitioned cookies when authentication occurs via the embedded browser in the app.
      2. Force the launch.php script to always use partitioned cookies.

      Option 1 is not feasible as we don't have a way to distinguish whether the request is coming from an embedded browser or from an iframe within the app without adding a lot of code.
      So we can only go for Option 2, which will only require a very quick fix.

      However, further investigation is needed to find a more robust solution to enforce the use of partitioned cookies consistently when using the embedded browser, regardless of the main entry point (such as login/index.php).
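
One way to check a captured login flow for the mismatch described above, as an added example that is not Moodle's code. The cookie name MoodleSession, its values and the header strings are constructed sample data, and the function names are hypothetical.

```python
# Added example (not Moodle code): audit the Set-Cookie headers seen during
# a login flow for inconsistent use of the Partitioned attribute.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_flow(flow):
    """flow: ordered (step, Set-Cookie value) pairs. Returns (step, cookie, issue) tuples."""
    findings = []
    first_seen = {}  # cookie name -> (step, partitioned?) of its first Set-Cookie
    for step, header in flow:
        name, attrs = parse_set_cookie(header)
        partitioned = "partitioned" in attrs
        # Browsers only accept a Partitioned cookie that is also Secure.
        if partitioned and "secure" not in attrs:
            findings.append((step, name, "partitioned-without-secure"))
        origin_step, origin_partitioned = first_seen.setdefault(name, (step, partitioned))
        if origin_partitioned != partitioned:
            findings.append((step, name, f"partitioning-differs-from-{origin_step}"))
    return findings


# Constructed sample data: cookie name, values and attribute order are assumptions.
BROKEN_FLOW = [
    ("launch.php", "MoodleSession=aaa111; path=/; secure; HttpOnly; SameSite=None"),
    ("login/index.php", "MoodleSession=bbb222; path=/; secure; HttpOnly; SameSite=None; Partitioned"),
]
FIXED_FLOW = [
    ("launch.php", "MoodleSession=aaa111; path=/; secure; HttpOnly; SameSite=None; Partitioned"),
    ("login/index.php", "MoodleSession=bbb222; path=/; secure; HttpOnly; SameSite=None; Partitioned"),
]
INSECURE_FLOW = [
    ("launch.php", "MoodleSession=ccc333; path=/; HttpOnly; Partitioned"),
]

if __name__ == "__main__":
    for label, flow in (("broken", BROKEN_FLOW), ("fixed", FIXED_FLOW), ("insecure", INSECURE_FLOW)):
        print(label, audit_flow(flow))
```

The INSECURE_FLOW case corresponds to the test step that requires Secure cookies to be enabled before the embedded browser login is exercised.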

            jleyva Juan Leyva
            jleyva Juan Leyva
            Dani Palou Dani Palou
            Andrew Lyons Andrew Lyons
            Ron Carl Alfon Yu Ron Carl Alfon Yu