How to retrieve MoodleSession cookie from within (customized) login/index.php

How to retrieve MoodleSession cookie from within (customized) login/index.php

by Oleg Zhitnikov -
Number of replies: 1
Hi All,

I need to seamlessly and silently pre-login users from my primary sub-domain into my Moodle instance (on a friendly sub-domain). I remotely post my custom login/index.php passing user credentials into it and need to return MoodleSession cookie to set it in a requesters browser session.

I successfully retrieve MoodleSessionTest cookie value, however MoodleSession cookie comes back blank, even though I do see that the both cookie values are successfully set in the browser as a result of script run.

Could someone please help me understand behavior of MoodleSession cookie and capture its value?

I have a fresh Moodle installation (2 months old). Here is a code extract from my custom login/index.php :

###################################################################################

print_footer();
exit;
} elseif (intval($days2expire) < 0 ) {
print_header("$site->fullname: $loginsite", "$site->fullname", $navigation, '', '', true, "
$langmenu
");
notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
print_footer();
exit;
}
}

reset_login_count();

/ *Capture session cookie
MoodleSessionTest cookie value is captured, MoodleSession is blank(null?)
*/
echo 'Check Cookie:
';
echo 'MoodleSessionTest
';
echo $_COOKIE['MoodleSessionTest'.$CFG->sessioncookie];
echo '
MoodleSession
';
echo $_COOKIE['MoodleSession'.$CFG->sessioncookie];
die();

redirect($urltogo);

exit;

} else {
if (empty($errormsg)) {
$errormsg = get_string("invalidlogin");
$errorcode = 3;
}

// TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user
if ( !empty($CFG->mnet_dispatcher_mode)
&& $CFG->mnet_dispatcher_mode === 'strict'

###########################################################################

Only MoodleSessionTest cookie is returned in the custom intex.php outup, while all cookies are set in the browser
Attachment MoodleSession_Cookies.png
Average of ratings: -
In reply to Oleg Zhitnikov

Re: How to retrieve MoodleSession cookie from within (customized) login/index.php

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Hi Oleg,

I think the problem is that MoodleSession cookie hasn't been sent to the client yet (you have just posted to a Moodle page, and the HTTP response hasn't been sent back yet, as you are still executing the page request), and thus you won't have it in $_COOKIES by default ($_COOKIES is filled in by the client on the HTTP request).

The old saying goes like "you can not set a cookie on a page and test for it in the same page", which is what you are doing.

Both MoodleSessionTest and MoodleSession are set in lib/setup.php, but MoodleSessionTest is put into $_COOKIES by Moodle code. That's why you can see MoodleSessionTest but not MoodleSession.

Anyway, if you are posting to login/index.php from your remote app, you should get both cookies in the response, so you could get them from there, couldn't you?

Saludos. Iñaki.

Average of ratings: Useful (1)