
MDL-29312 prevent cookieless mode for security reasons

1 parent 22e8ad6 commit e1e082a809b9a2d3a408cb4d6faa34fdfcf3165c @skodak skodak committed Sep 11, 2011
Showing with 4 additions and 9 deletions.
  1. +0 −2 auth/mnet/auth.php
  2. +4 −7 lib/sessionlib.php
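--- a/auth/mnet/auth.php
+++ b/auth/mnet/auth.php
@@ -890,8 +890,6 @@ function keepalive_server($array) {
 global $CFG, $DB;
 $remoteclient = get_mnet_remote_client();
- $CFG->usesid = true;
-
 // We don't want to output anything to the client machine
 $start = ob_start();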
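--- a/lib/sessionlib.php
+++ b/lib/sessionlib.php
@@ -106,7 +106,7 @@ public function __construct() {
 if (NO_MOODLE_COOKIES) {
 // session not used at all
- $CFG->usesid = 0;
+ $CFG->usesid = false;
 $_SESSION = array();
 $_SESSION['SESSION'] = new stdClass();
@@ -118,12 +118,9 @@ public function __construct() {
 $newsession = empty($_COOKIE['MoodleSession'.$CFG->sessioncookie]);
- if (!empty($CFG->usesid) && $newsession) {
- sid_start_ob();
- } else {
- $CFG->usesid = 0;
- ini_set('session.use_trans_sid', '0');
- }
+ // cookieless mode is prevented for security reasons
+ $CFG->usesid = false;
+ ini_set('session.use_trans_sid', '0');
 session_name('MoodleSession'.$CFG->sessioncookie);
 session_set_cookie_params(0, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);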
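Review bot: Disabling `session.use_trans_sid` in the second hunk only stops PHP from writing the session id into generated URLs; whether an id that arrives in a query string is still accepted depends on `session.use_only_cookies`, which the visible lines do not set. Unless that is enforced elsewhere in the constructor (its body starts and ends outside the hunk) or in the PHP configuration, adding `ini_set('session.use_only_cookies', '1');` next to the trans_sid line would close the session-fixation path regardless of the host's php.ini. The new comment could also say why the mode is unsafe, e.g. `// cookieless mode is disabled: session ids in URLs leak through referrers, logs and shared links and allow session fixation`. Sites whose config still sets `$CFG->usesid` are now overridden silently, so a release-note entry or debugging notice may be worth considering.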
