Topic: | Moodle cookie path can not be restricted |
Severity: | Low |
Versions affected: |
<1.8.4 |
Reported by: | Kevin |
Issue no.: | MDL-11927 |
Solution: |
Upgrade to 1.8.4 or latest stable snapshot. Or use patch: http://cvs.moodle.org/moodle/lib/setup.php?r1=1.198.2.4&r2=1.198.2.5 http://cvs.moodle.org/moodle/lib/moodlelib.php?r1=1.837.2.76&r2=1.837.2.77 |
Description:
Starting with 1.8.4 version it is possible to limit the scope of Moodle session cookies through sessioncookiepath setting. Please note that using the same server name (ex: www.example.com) for Moodle installation and untrusted content (ex: www.example.com/~somestudent") not recommended.