Please sign in to comment.
Security fix for:
Internet Explorer bug that allows sends cookies to different sites if they have the same ending. eg moodle.com cookie is sent to smec.moodle.com!! Also fixes case where multiple moodle installations may be in different directories on the same server. When you go from one to the other the first session will be destroyed now (you can't be logged in the two at the same time). It's just a lot safer this way, for now. Basically this works by storing the wwwroot variable in the session and checking it for every page.
- Loading branch information...
Showing with 5 additions and 2 deletions.