Login via the Kindle DX?

Re: Login via the Kindle DX?

by Chris Zinkula -
Number of replies: 2
So after a bit of poking around I think I found the issue. I edited weblib.php's redirect function to do a manual redirect (a href) so I could print_r($_COOKIE).

In Firefox it prints (in part):

[MoodleSession] => 560d4a9cb8b54f8ac701712f94c8ca6c [MOODLEID_] => %E2%C8%13E%BD

However on the Kindle it posts:

[MoodleSession] => 560d4a9cb8b54f8ac701712f94c8ca6c, $Version=0 [MOODLEID_] => %E2%C8%13E%BD, $Version=0

So then later when Moodle requests the "MoodleSession" cookie it of course can't find it since ", $Version=0" is on the end. The reason the form login name was getting messed up was because the rc4decrypt was decrypting the ", $Version=0" also.

It appears that the Kindle is putting this there and not Moodle. So the fix would be on retrieving those values from the cookies, strip the ", $Version=0" off then continue processing. It has thus far been consistent for me that it puts ", $Version=0" on the end.

To be honest I don't know a lot about cookies and PHP (enough to be dangerous) so there might be a better "fix". I also don't think this issue is important enough to go into the main code but I'm posting this here in the event somebody else needs to fix a similar issue.

If/when I get it fixed I'll post what code changes I've made.
In reply to Chris Zinkula

Re: Login via the Kindle DX?

by Chris Zinkula -
Well I was able to fix the issue with MOODLEID_ easily enough. In ./lib/moodlelib.php I replaced the get_moodle_cookie() function with the following:



function get_moodle_cookie() {
    global $CFG;

    $cookiename = 'MOODLEID_'.$CFG->sessioncookie;
    $versionStr = ', $Version=0';   // suffix the Kindle appends to cookie values

    if (empty($_COOKIE[$cookiename])) {
        return '';
    } else {
        $strToDecrypt = $_COOKIE[$cookiename];

        // remove the $versionStr for the Kindle
        // (compare with !== false: strpos() returns 0, which is falsy, for a match at offset 0)
        $pos = strpos($strToDecrypt, $versionStr);
        if ($pos !== false) {
            $strToDecrypt = substr($strToDecrypt, 0, $pos);
        }
        $thing = rc4decrypt($strToDecrypt);

        return ($thing == 'guest') ? '' : $thing;  // Ignore guest account
    }
}


Probably a more elegant way to do it but it works. But I can't find the MoodleSession for the life of me even via grep. None of the instances seem to be retrieving the value, just setting or clearing it. I think line 575 in ./lib/setup.php where it takes the session_name in might have something to do with it but I'm at a loss for the moment.

Bugger.
In reply to Chris Zinkula

Re: Login via the Kindle DX?

by Chris Zinkula -
Alright I got it working so I'll add here for others that may one day need to trudge into this. But I think I'm done dinking around with it otherwise.

Forgoing anything I mentioned to do prior, you first need to enable cookieless mode in your config.php. Once you do that you also need to clear the cookie somehow since you can't actually turn off cookies on the Kindle DX. If cookies are on, Moodle will use those over cookieless regardless of your setting.

So I put the following line in around 554 in ./lib/setup.php. This will make any respectable php dev cringe but it works for the most part.

unset($_COOKIE['MoodleSession'.$CFG->sessioncookie]);

Just add that before:

//discard session ID from POST, GET and globals to tighten security,
//this session fixation prevention can not be used in cookieless mode

This will cause sid_start_ob() to trigger around line 571 which is what you want as that does the changes to the output buffer.

I also needed to comment out line 72, the first 'return $url;' in sid_process_url from ./lib/cookieless.php because for some reason it was always going into that if statement. I knew all my URLs were local anyway and I'm not exactly sure why that code was triggering in the first place.

Anyway that should let you get logged in and maintain the session on the Kindle DX. I won't say it doesn't break anything else but if you want to do it to do it, that will get it done. I'll leave it up to you to create your own Moodle theme for that screen.
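
The cookie cleanup described in the first two posts, generalised to every cookie and anchored to the end of the value, as an added example that is not part of the original posts or of Moodle. The function names are hypothetical, and the 32-hex-character session id format is an assumption based on the value quoted in the first post.

```php
<?php
// Added example: not Moodle code. All function names are hypothetical.

/**
 * Remove a trailing ", $Version=<digits>" from one cookie value.
 * The pattern is anchored to the end of the string, so the same text
 * elsewhere in a value is left alone, and a value that consists only
 * of the suffix (match at offset 0) is still cleaned.
 */
function strip_cookie_version_suffix(string $value): string {
    // preg_replace() returns null on a PCRE error; keep the input then.
    return preg_replace('/,\s*\$Version=\d+$/D', '', $value) ?? $value;
}

/** Apply the cleanup to every string cookie; array cookies are skipped. */
function normalise_cookies(array $cookies): array {
    foreach ($cookies as $name => $value) {
        if (is_string($value)) {
            $cookies[$name] = strip_cookie_version_suffix($value);
        }
    }
    return $cookies;
}

/** Assumption: a session id is 32 lowercase hex characters, as in the post. */
function is_plausible_session_id(string $id): bool {
    return preg_match('/^[0-9a-f]{32}$/D', $id) === 1;
}

// Constructed input: the first two values are the print_r() output quoted
// in the thread, the third is a constructed edge case (suffix at offset 0).
$kindle = [
    'MoodleSession' => '560d4a9cb8b54f8ac701712f94c8ca6c, $Version=0',
    'MOODLEID_'     => '%E2%C8%13E%BD, $Version=0',
    'empty'         => ', $Version=0',
];

$clean = normalise_cookies($kindle);
var_dump(is_plausible_session_id($kindle['MoodleSession'])); // raw value
var_dump(is_plausible_session_id($clean['MoodleSession']));  // cleaned value
var_dump($clean['MOODLEID_'] === '%E2%C8%13E%BD');
var_dump($clean['empty'] === '');
```

Checking the session id against a strict format after the cleanup means a value with any other trailing text is rejected instead of being passed on to the session lookup.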