
MDL-16875 New Moodle setting - sessioncookiedomain

Added new sessioncookiedomain setting to session handling section.

 * allows you to change the domain that the Moodle cookies are available
   from. This is useful for Moodle customisations (i.e. Squirrelmail SSO
   or enrolment plugins) that need to share Moodle session information
   with a web application on another subdomain.

 * Will NOT work if the moodle host does not have a domain - i.e. just a
   hostname, e.g. 'localhost' or 'myhostname'. Needs a FQDN

 * Currently the setting is set to PARAM_TEXT length 50 since PARAM_HOST
   does not allow a leading dot e.g.  '.mydomain.com'

 * TODO: do we make up a new PARAM_COOKIEDOMAIN which is the same as
   PARAM_HOST but allows leading dots? Using PARAM_HOST and prepending a
   dot may not always be desirable.
commit 62cf1ae8c1ce550299de6f9226e5944ec44d4fcd 1 parent 501592d
jonathanharker authored
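--- a/admin/settings/server.php
+++ b/admin/settings/server.php
@@ -89,6 +89,7 @@
 300 => get_string('numminutes', '', 5))));
 $temp->add(new admin_setting_configtext('sessioncookie', get_string('sessioncookie', 'admin'), get_string('configsessioncookie', 'admin'), '', PARAM_ALPHANUM));
 $temp->add(new admin_setting_configtext('sessioncookiepath', get_string('sessioncookiepath', 'admin'), get_string('configsessioncookiepath', 'admin'), '/', PARAM_LOCALURL));
+$temp->add(new admin_setting_configtext('sessioncookiedomain', get_string('sessioncookiedomain', 'admin'), get_string('configsessioncookiedomain', 'admin'), '', PARAM_TEXT, 50));
 $ADMIN->add('server', $temp, 50);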
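Review bot: The new `sessioncookiedomain` setting is cleaned only as `PARAM_TEXT` with a 50-character limit, so nothing checks that the saved value is a well-formed domain or that it matches the site's own host. The value is then passed unchanged as the domain argument of `setcookie()` and `session_set_cookie_params()` in lib/moodlelib.php and lib/setup.php. A non-matching value makes browsers discard the session cookie, which, as the help string itself warns, blocks every login, presumably including the administrator who would have to correct it. Validation at save time should accept only an empty value or a domain that equals, or is a dot-boundary parent of, the host in `$CFG->wwwroot`, and should refuse bare public suffixes such as `.com`.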
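--- a/lang/en_utf8/admin.php
+++ b/lang/en_utf8/admin.php
@@ -217,6 +217,7 @@
 $string['configsecureforms'] = 'Moodle can use an additional level of security when accepting data from web forms. If this is enabled, then the browser\'s HTTP_REFERER variable is checked against the current form address. In a very few cases this can cause problems if the user is using a firewall (eg Zonealarm) configured to strip HTTP_REFERER from their web traffic. Symptoms are getting \'stuck\' on a form. If your users are having problems with the login page (for example) you might want to disable this setting, although it might leave your site more open to brute-force password attacks. If in doubt, leave this set to \'Yes\'.';
 $string['configsendcoursewelcomemessage'] = 'If enabled, users receive a welcome message via email when they self-enrol in a course.';
 $string['configsessioncookie'] = 'This setting customises the name of the cookie used for Moodle sessions. This is optional, and only useful to avoid cookies being confused when there is more than one copy of Moodle running within the same web site.';
+$string['configsessioncookiedomain'] = 'This allows you to change the domain that the Moodle cookies are available from. This is useful for Moodle customisations (e.g. authentication or enrolment plugins) that need to share Moodle session information with a web application on another subdomain. <strong>WARNING: it is strongly recommended to leave this setting at the default (empty) - an incorrect value will prevent all logins to the site.</strong>';
 $string['configsessioncookiepath'] = 'If you need to change where browsers send the Moodle cookies, you can change this setting to specify a subdirectory of your web site. Otherwise the default \'/\' should be fine.';
 $string['configsessiontimeout'] = 'If people logged in to this site are idle for a long time (without loading pages) then they are automatically logged out (their session is ended). This variable specifies how long this time should be.';
 $string['configshowblocksonmodpages'] = 'Some activity modules support blocks on their pages. If you turn this on, then teachers will be able to add side blocks on those pages, otherwise the interface does not show this feature.';
@@ -654,6 +655,7 @@
 $string['serverchecks'] = 'Server Checks';
 $string['serverlimit'] = 'Server Limit';
 $string['sessioncookie'] = 'Cookie prefix';
+$string['sessioncookiedomain'] = 'Cookie domain';
 $string['sessioncookiepath'] = 'Cookie path';
 $string['sessionhandling'] = 'Session Handling';
 $string['sessiontimeout'] = 'Timeout';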
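--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -2112,9 +2112,9 @@ function require_logout() {
 error_log('Headers were already sent in file: '.$file.' on line '.$line);
 } else {
 if (check_php_version('5.2.0')) {
- setcookie('MoodleSessionTest'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath, '', $CFG->cookiesecure, $CFG->cookiehttponly);
+ setcookie('MoodleSessionTest'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
 } else {
- setcookie('MoodleSessionTest'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath, '', $CFG->cookiesecure);
+ setcookie('MoodleSessionTest'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
 }
 }
@@ -2670,8 +2670,8 @@ function set_moodle_cookie($thing) {
 $seconds = DAYSECS*$days;
 // no need to set secure or http cookie only here - it is not secret
- setCookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath);
- setCookie($cookiename, rc4encrypt($thing), time()+$seconds, $CFG->sessioncookiepath);
+ setCookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain);
+ setCookie($cookiename, rc4encrypt($thing), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain);
 }
 /**
@@ -7967,11 +7967,11 @@ function report_session_error() {
 //clear session cookies
 if (check_php_version('5.2.0')) {
 //PHP 5.2.0
- setcookie('MoodleSession'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath, '', $CFG->cookiesecure, $CFG->cookiehttponly);
- setcookie('MoodleSessionTest'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath, '', $CFG->cookiesecure, $CFG->cookiehttponly);
+ setcookie('MoodleSession'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
+ setcookie('MoodleSessionTest'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
 } else {
- setcookie('MoodleSession'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath, '', $CFG->cookiesecure);
- setcookie('MoodleSessionTest'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath, '', $CFG->cookiesecure);
+ setcookie('MoodleSession'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
+ setcookie('MoodleSessionTest'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
 }
 //increment database error counters
 if (isset($CFG->session_error_counter)) {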
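Review bot: The cookie-expiry calls in `require_logout()` and `report_session_error()` now target only the configured domain, so a cookie issued before the setting was changed (host-only, or under an earlier domain value) is no longer matched and stays in the browser. Browsers treat name, domain and path together as a cookie's identity, so after a change the old `MoodleSession`/`MoodleSessionTest` cookie can be sent alongside the new one and the session-error recovery path may never clear it. When `$CFG->sessioncookiedomain` is non-empty, also expire the host-only variant next to the domain-scoped call, e.g. `setcookie('MoodleSession'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath, '', $CFG->cookiesecure, $CFG->cookiehttponly);`. Separately, the `set_moodle_cookie()` hunk widens a cookie that is set without the secure or httponly arguments, and the existing "it is not secret" comment deserves a second look now that sibling hosts receive it. All three function bodies continue outside the hunks shown.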
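--- a/lib/setup.php
+++ b/lib/setup.php
@@ -432,6 +432,9 @@
 if (!isset($CFG->sessioncookie)) {
 $CFG->sessioncookie = '';
 }
+ if (!isset($CFG->sessioncookiedomain)) {
+ $CFG->sessioncookiedomain = '';
+ }
 if (!isset($CFG->sessioncookiepath)) {
 $CFG->sessioncookiepath = '/';
 }
@@ -554,9 +557,9 @@ function addslashes_deep($value) {
 if (empty($nomoodlecookie)) {
 session_name('MoodleSession'.$CFG->sessioncookie);
 if (check_php_version('5.2.0')) {
- session_set_cookie_params(0, $CFG->sessioncookiepath, '', $CFG->cookiesecure, $CFG->cookiehttponly);
+ session_set_cookie_params(0, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
 } else {
- session_set_cookie_params(0, $CFG->sessioncookiepath, '', $CFG->cookiesecure);
+ session_set_cookie_params(0, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
 }
 @session_start();
 if (! isset($_SESSION['SESSION'])) {
@@ -566,9 +569,9 @@ function addslashes_deep($value) {
 $_SESSION['SESSION']->has_timed_out = true;
 }
 if (check_php_version('5.2.0')) {
- setcookie('MoodleSessionTest'.$CFG->sessioncookie, $_SESSION['SESSION']->session_test, 0, $CFG->sessioncookiepath, '', $CFG->cookiesecure, $CFG->cookiehttponly);
+ setcookie('MoodleSessionTest'.$CFG->sessioncookie, $_SESSION['SESSION']->session_test, 0, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
 } else {
- setcookie('MoodleSessionTest'.$CFG->sessioncookie, $_SESSION['SESSION']->session_test, 0, $CFG->sessioncookiepath, '', $CFG->cookiesecure);
+ setcookie('MoodleSessionTest'.$CFG->sessioncookie, $_SESSION['SESSION']->session_test, 0, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
 }
 $_COOKIE['MoodleSessionTest'.$CFG->sessioncookie] = $_SESSION['SESSION']->session_test;
 }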
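Review bot: Nothing in this file documents that a non-empty `$CFG->sessioncookiedomain` turns the session cookie passed to `session_set_cookie_params()` from host-only into domain-wide. Every host under that domain then receives the `MoodleSession` cookie and can also set a cookie of the same name for Moodle to read. That makes the security of the Moodle session depend on the least-trusted sibling host, yet the help text added in lang/en_utf8/admin.php warns only about broken logins. A comment at the new default would make the trade-off visible, e.g. `// '' = host-only session cookie; any other value exposes the cookie to, and accepts it from, every host under that domain`. The help string could carry the same sentence so administrators see it before saving.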