#11636 NORM xs-0.7: Moodle sends returning users to login page even though they are logged in

Zarro Boogs per Child bugtracker at laptop.org
Wed Feb 15 21:16:13 EST 2012


#11636: Moodle sends returning users to login page even though they are logged in
-------------------------------------+--------------------------------------
           Reporter:  greenfeld      |       Owner:  martin.langhoff                  
               Type:  defect         |      Status:  new                              
           Priority:  normal         |   Milestone:  xs-0.7                           
          Component:  school server  |     Version:  Development build as of this date
         Resolution:                 |    Keywords:                                   
        Next_action:  diagnose       |    Verified:  0                                
Deployment_affected:                 |   Blockedby:                                   
           Blocking:                 |  
-------------------------------------+--------------------------------------

Comment(by martin.langhoff):

 Hm! If a new instance of Browse doesn't trigger it, but Browse sessions
 closed in a "deeper" URL /may/ have an old "sesskey" in the URL. The
 sesskey is a unique key, generated for each login session, that prevents
 CSRF.

 If your browse session is closed/saved with a URL with a sesskey in it,
 upon reopening Browse, Moodle is likely to reset your session, and perhaps
 lose track of things.

 Not all "deep" URLs will trigger this. You can scan the url for the string
 "sesskey".

-- 
Ticket URL: <http://dev.laptop.org/ticket/11636#comment:4>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system


More information about the Bugs mailing list