Brendan Heywood
1dadeaeb39
MDL-68608 session: Improved the readonly session debugging
2020-12-14 14:09:55 +11:00
Eloy Lafuente (stronk7)
93f49909d5
Merge branch 'MDL-69121-redis-session-store-compression' of git://github.com/jamie-catalyst/moodle into master
2020-11-24 22:58:48 +01:00
Jamie Stamp
f2ee4599f7
MDL-69121 core: Add ZSTD/Gzip compression options to Redis sessions
2020-11-09 12:34:22 +00:00
Jake Dallimore
b64a8b3675
Merge branch 'MDL-68983-recent-session-lock-ro' of https://github.com/brendanheywood/moodle
2020-10-21 12:45:36 +08:00
Brendan Heywood
57aed80df6
MDL-68983 cache: Fix bug with readonly session combined with lock debug
2020-10-13 14:52:37 +11:00
Brendan Heywood
8c1c164e0a
MDL-69707 session: Avoid redis writes if the session is unchanged
2020-09-29 20:45:38 +10:00
Brendan Heywood
8eab4f77cc
MDL-68577 session: Fine tune the redis lock polling
2020-05-20 15:54:10 +10:00
Don Bowman
cf7b00b8cf
MDL-68696 sessions: Fixed redis session handler for readonly
...
In 39770792ca read-only sessions were allowed.
In the redis case, as called from the mobile application,
this can lead to returning 'false' for session rather than ''.
2020-05-15 12:09:15 -04:00
Brendan Heywood
7bc8ccdcf0
MDL-67075 session: Added extra debugging of blocking redis session locks
2020-04-30 13:06:07 +10:00
Mark Nelson
39770792ca
MDL-58018 core: add support to redis for read-only sessions
2020-04-21 19:29:12 +02:00
Mark Nelson
7daa126d1d
MDL-58018 core: add support to database for read-only sessions
2020-04-21 19:29:12 +02:00
Mark Nelson
4400ed3e1c
MDL-58018 core: finish dev to support open sessions without a lock
2020-04-21 19:29:12 +02:00
Adam Eijdenberg
1c3b89b170
MDL-58018 core: Add support to open sessions without a lock
2020-04-20 14:13:34 +02:00
Brendan Cox
86b082cece
MDL-67175 session: set SameSite=None for Chrome 78 and above
...
Totara reference TL-22311 (original code by Brendan Cox and Sam Hemelryk)
https://github.com/moodle/moodle/commit/a3f4de2b7efe66de6617a67ce7c87f2862e76ac6
2020-02-07 08:05:14 +08:00
Ilya Tregubov
4120908e19
MDL-65249 Session: Throw exception if number of attempts exceeded.
2019-06-25 15:09:42 +10:00
Michael Hawkins
76d0192e0b
MDL-7339 admin: Replaced "open to google" references to be more generic
...
AMOS BEGIN
MOV [configopentogoogle,admin],[configopentowebcrawlers,admin]
MOV [opentogoogle,admin],[opentowebcrawlers,admin]
MOV [check_google_details,report_security],[check_crawlers_details,report_security]
MOV [check_google_error,report_security],[check_crawlers_error,report_security]
MOV [check_google_info,report_security],[check_crawlers_info,report_security]
MOV [check_google_name,report_security],[check_crawlers_name,report_security]
MOV [check_google_ok,report_security],[check_crawlers_ok,report_security]
AMOS END
2019-06-11 10:04:01 +08:00
Damyon Wiese
7aeeb44463
MDL-34498 session: Add a checker to warn before session expiry
...
Replaces old yui module checknet.
2019-06-06 09:31:01 +08:00
Damyon Wiese
e7f9ae50e5
MDL-65572 messaging: Loginas upgrade check
...
When using login as, we also need to check if there are legacy messages that
need updating and set the user preference if required.
2019-05-20 09:12:40 +08:00
Shamim Rezaie
abbf6e5499
MDL-65393 core: Peer review amendments
...
- defining and using constand properties instead of hard-coded values
- Fixing the docblock for the cleanup_recent_session_locks function
2019-05-15 02:30:48 +10:00
Ilya Tregubov
dbed8bdb86
MDL-65393 core: Make session history cleanup more aggressive.
2019-05-15 02:22:23 +10:00
Trisha Milan
fdb9c3217d
MDL-64449 core: Added Session lock debugging option
2019-04-03 14:20:57 +11:00
Damyon Wiese
6dfe428363
MDL-63183 auth: Login protection
...
CSRF protection for the login form. The authenticate_user_login function was
extended to validate the token (in \core\session\manager) but by default it
does not perform the extra validation. Existing uses of this function from
auth plugins and features like "change password" will continue to work without
changes. New config value $CFG->disablelogintoken can bypass this check.
2018-11-07 00:14:48 +01:00
Andrew Nicols
89aff0d828
MDL-63329 core: Remove memcache session support
2018-09-12 08:15:35 +08:00
Jake Dallimore
71926adb0d
Merge branch 'MDL-63050-master' of git://github.com/andrewnicols/moodle
2018-08-15 10:59:37 +08:00
Andrew Nicols
ed3ff719f2
MDL-63050 redis: Make session check compatible with Redis 4.0
2018-08-02 10:57:53 +08:00
Jake Dallimore
7d91564204
MDL-59595 admin: Make sure $ADMIN is properly unset when changing users
2018-07-24 08:25:30 +08:00
Tim Schroeder
81f55e41a7
MDL-61351 core: added \core\session\manager\get_handler_class()
...
* This is needed e.g. by the shibboleth logout handler to check which
type of sessions are used.
2018-07-17 16:45:20 +08:00
Marcus Boon
f8e2383bdd
MDL-59866 session: Add retry for redis sessions
...
There is an edge case whereby redis will fail
to accept connections on the first try but
retrying the connection seems to make it work
Included in this commit:
* Retry functionality in the session init
2017-12-12 14:42:04 +10:00
Andrew Nicols
2a31e628f1
MDL-57477 session: Comment tidyup
2017-10-24 08:12:02 +08:00
Fred Woolard
bd035b98fd
MDL-57477 core: If memcached 3.x mimic 2.2.0 lock acquisition behavior
2017-10-23 13:45:47 -04:00
Mike Olsen
7782e6610b
MDL-58311 cache: Add password support for redis
...
add password support for redis connects in cache and session
2017-03-27 10:31:45 +01:00
Davo Smith
a2f1c5c39a
MDL-57752 session: fix check_security() session termination
2017-02-13 07:54:02 +00:00
wehr
88671590f2
MDL-57655 session: Adds igbinary serializer to Redis session handler
2017-01-25 00:47:25 +01:00
Andrew Nicols
2d45ac279d
Merge branch 'MDL-56823' of git://github.com/aolley/moodle
2016-11-15 09:07:36 +00:00
Nicholas Hoobin
b86c685075
MDL-56417 session: Respect the return value of ignore_timeout_hook.
2016-11-10 14:24:24 +08:00
Adam Olley
d456bd42c3
MDL-56823 session: redis sessions don't honour $CFG->sessiontimeout
...
The redis session handler doesn't use the sessiontimeout config setting
to determine session lifetime.
It has a lock expiry, which is set to 7200 (or a config setting) that is
used to determine how long a lock is held onto, but that should be
distinct from the session timeout.
2016-11-10 10:30:04 +10:30
David Monllao
44eb1490c4
MDL-54751 course: Set adhoc task user
...
We should complete the deletion process using the same
user that started it.
Added a new param to loginas() to prevent the event to be generated as
there is no need to generate an new event for that as the user didn't
explicitly loginas again.
2016-11-08 09:45:07 +08:00
Dan Poltawski
1810eb1bf8
Revert "Merge branch 'MDL-56129-master' of git://github.com/andrewnicols/moodle"
...
This reverts commit aaa2788e42 , reversing
changes made to 80b74762c9 .
2016-10-27 09:59:38 +01:00
Andrew Nicols
c823bfee62
MDL-56129 core: Set a timeout on the session cookie
...
This is primarily because iOS has changed something under the hood which
means that only session cookies which have an expiry are passed around the
OS.
In order to make media playable outside of the browser (e.g. a video), we
must set a session cookie timeout.
Since the session timeout is configurable, this patch sets the cookie
timeout to the session timeout plus a period of one week.
This ensures that videos continue to work, and that the expired session
message is shown on the login page, but without requiring excessively long
session times.
2016-10-24 11:47:06 +08:00
Brendan Heywood
657ddbf592
MDL-55273 admin: Change $CFG->cookiesecure default to on
2016-08-22 09:20:32 +10:00
Russell Smith
7f8a816a7d
MDL-54606 session: Add redis handler with locking.
2016-08-04 21:50:11 +10:00
Skylar Kelty
1f5a347b46
MDL-53947 memcached: Fix memcached session warning on PHP7
2016-06-07 10:25:07 +08:00
Andrew Nicols
d07c339272
Revert "Merge branch 'MDL-53599' of git://github.com/nhoobin/moodle"
...
This reverts commit 15a813cda2 , reversing
changes made to 6870e1fa77 .
2016-05-06 10:18:10 +08:00
Fred Woolard
1ac585fefd
MDL-53713 core: account for session_start returning false
2016-05-06 09:27:27 +08:00
Nicholas Hoobin
c5211882f7
MDL-53599 session: Added a session_class_handler for Redis.
...
It is now possible to set up Redis as a session handler for Moodle.
Ensure that the phpredis extension is enabled and working on your sever.
Please place the following lines in config.php
$CFG->session_handler_class = '\core\session\redis';
$CFG->session_redis_save_path = 'tcp://127.0.0.1';
To determine if it has been set correctly, navigate to
$CFG->wwwroot/admin/phpinfo.php and find following the strings in the
session block,
session.save_handler = redis
session.save_path = tcp://127.0.0.1
2016-04-18 16:28:45 +10:00
Andrew Nicols
2f244f1cc6
MDL-30811 core: Initiate notifications on first use only
2016-03-02 13:30:09 +08:00
Andrew Nicols
0346323cec
MDL-30811 output: Add support for session notifications
2016-02-29 09:05:56 +08:00
Andrew Nicols
34c6ec1869
MDL-50891 useragent: Move web crawler checks to useragent class
2015-08-28 14:31:51 +08:00
Simey Lameze
dcee0b9447
MDL-49360 core_lib: add new method get_local_referer()
...
This commit also replace all usages of $_SERVER['HTTP_REFERER'] and get_referer().
2015-07-27 11:11:24 +08:00
Eric Merrill
774c00c740
MDL-47000 session: Update memcached version referecnes to 2.2.0
2015-02-24 15:18:15 -05:00