Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Adding a little more checking to the session switching trap code.

I 've come across a problem where:

1. You have an "old" (say 1.3.5?) Moodle installation.
2. You are logged in as admin.
3. You suddenly switch to using a 1.5+ codebase with
   the SAME database, WITHOUT LOGGING OUT FIRST.

In this situation, I was presented with a deadlock. I could not do
anything because "my session had expired", and I could not even
log OUT to clear my session. In fact it was just reloading the
"session expired page" all the time.

If it weren't for debug = On which causes a notice in these
circumstances, it would be fracking difficult to understand what
was going on.

With this small addition, you can at least visit your login page
and log in anew, so problem fixed.

I believe this was talked about in the forums lately? Not sure.
  • Loading branch information...
commit 9b1e8d728a4189f8a3e6f3a347ddd7d9d60e61b9 1 parent 230783b
defacer authored
Showing with 1 addition and 1 deletion.
  1. +1 −1  lib/setup.php
View
2  lib/setup.php
@@ -339,7 +339,7 @@ class object {};
if ($SESSION != NULL) {
if (empty($_COOKIE['MoodleSessionTest'.$CFG->sessioncookie])) {
report_session_error();
- } else if ($_COOKIE['MoodleSessionTest'.$CFG->sessioncookie] != $SESSION->session_test) {
+ } else if (isset($SESSION->session_test) && $_COOKIE['MoodleSessionTest'.$CFG->sessioncookie] != $SESSION->session_test) {
report_session_error();
}
}
Please sign in to comment.
Something went wrong with that request. Please try again.