- Improvement
- Resolution: Unresolved
- Minor
- None
- 3.9.4

A new commercial login system that we will be deploying in future uses dated (not session) cookies for its login persistence.
This causes a problem with the log out feature in the mobile app when using the in-app browser feature. If you log in, log out, and then log in again (intending to change to a different user account), instead of showing you the prompt to log in, it immediately logs you straight back in as the first account because the cookie is still there from the first login. So from the user's point of view, it did not fully log out.
The in-app browser should not retain either kind of cookie, so that if you log out and then log in again, you will always be prompted for login. Currently, it clears session cookies, but keeps permanent cookies.
To easily reproduce this problem, apply the attached login-cookies.patch to your Moodle installation. This causes the login page to set 2 cookies when you log in (one session cookie and one cookie that expires in 24 hours). The login page also displays the current value of the same cookies if they are set.

- is duplicated by
  - MOBILE-4411 Unable to logout with SSO
  - Closed
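
The two clearing behaviours described in this issue, as an added example that is not part of the original report or of the Moodle app code: a minimal cookie jar that classifies cookies per RFC 6265 (a cookie with `Expires` or `Max-Age` is persistent) and compares clearing session cookies only with clearing every cookie on logout. The cookie names and values and the `CookieJar` class are constructed for illustration.

```javascript
// Added example: models the cookie behaviour described in this issue.
// Cookie names and values are constructed sample data, not Moodle's.

// Parse one Set-Cookie header into { name, value, expiresAt, persistent }.
function parseSetCookie(header, now) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), expiresAt: null };
  let maxAge = null;
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1);
    if (key === 'max-age' && /^-?\d+$/.test(val)) maxAge = parseInt(val, 10);
    else if (key === 'expires' && !Number.isNaN(Date.parse(val))) cookie.expiresAt = Date.parse(val);
  }
  // Max-Age takes precedence over Expires (RFC 6265).
  if (maxAge !== null) cookie.expiresAt = now + maxAge * 1000;
  // No expiry attribute at all means a session cookie.
  cookie.persistent = cookie.expiresAt !== null;
  return cookie;
}

class CookieJar {
  constructor() { this.cookies = new Map(); }
  store(header, now) {
    const c = parseSetCookie(header, now);
    if (c.persistent && c.expiresAt <= now) this.cookies.delete(c.name);
    else this.cookies.set(c.name, c);
  }
  // Behaviour reported in the issue: only session cookies are dropped.
  clearSessionOnly() {
    for (const [name, c] of this.cookies) if (!c.persistent) this.cookies.delete(name);
  }
  // Behaviour requested in the issue: nothing survives a logout.
  clearAll() { this.cookies.clear(); }
  names() { return [...this.cookies.keys()].sort(); }
}

// Log in (one session cookie, one 24-hour cookie), log out, list what remains.
function simulateLogout(clearMethod) {
  const now = Date.UTC(2021, 0, 1);
  const jar = new CookieJar();
  jar.store('SAMPLE_SESSION=abc123; Path=/; HttpOnly', now);
  jar.store('SAMPLE_PERSIST=abc123; Max-Age=86400; Path=/; HttpOnly', now);
  jar[clearMethod]();
  return jar.names();
}
```

Any cookie name returned after logout is one the login page will still receive on the next login attempt, which is the condition that produces the silent re-login.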