-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.1.12, 4.2.9, 4.3.6, 4.4.2
-
MOODLE_401_STABLE, MOODLE_402_STABLE, MOODLE_403_STABLE, MOODLE_404_STABLE
-
MDL-82426-master
-
In MDL-81405 we introduced support for partitioned cookies for the mobile app, it caused a major regression solved in MDL-81897, however, after using the app for some more time we have detected additional scenarios where the app is not able to properly handle partitioned cookies.
These are the scenarios detected:
- Iframe pointing to another activity within the site
- Iframe without auto-login
- Embedded browser without auto-login (custom menu items)
- Embedded browser with auto-login and then the user does logout
In all of those scenarios, what happens is that sometimes the Moodle site is not always returning partitioned cookies so at the end we have a mix of partitioned and non-partitioned cookies that are breaking the log-in process for the user.
We need to find a solid solution for the app that will consist of Moodle always returning partitioned cookies for requests containing the user-agent of the app.
This will probably require us to add some code just after any invocation of session_regenerate_id() that is when a new cookie is set.