Moodle in English: Fun times with Poisoned Cookies!

Security and privacy

Fun times with Poisoned Cookies!

This discussion has been locked because a year has elapsed since the last post. Please start a new discussion topic.

Fun times with Poisoned Cookies!

by Robin Stark - Thursday, December 22, 2016, 6:39 AM

Hey Guys,

I noticed something kinda odd when putting up a Moodle site. During the login process the Moodle Session Cookie appears to be modified by the client side. The reason why I say this is because a Cookie Poisoning alert has been raised and upon further inspection the Moodle Session Cookie does appear changed. Below is an excerpt of the alert:

url: /login/index.php

Cookie Poisoning
Cookie Name	MoodleSession
Domain	funstuff.org
Path	/
Old Value	3s6r6a2fri94c8idcajhms0202
Corrupted Value	9mtc0hoicru8svo1ppv6vnqte1

The reason why I'm posting is I'm curious if anyone knows why Moodle has chosen to do this?

Thanks,

Rob

Re: Fun times with Poisoned Cookies!

by Randy Thornton - Friday, December 23, 2016, 5:20 AM

When you logout, Moodle changes the session id you had to a new one, so the old valid one does not persist (for obvious security reasons) in the cookie.

When you log back in again, it throws that placeholder id away and gives you a new one for your session (valid until you logout or the session expires according to what time you have set in the Site policies.)

Those characters strings look like valid Moodle session ids.

If the changes are happening at login and logout, that would be normal; this could be a false positive warning.

Average of ratings: -