[LON-CAPA-admin] Any change in loncapa session cookie with version 2.11.3?

Raeburn, Stuart raeburn at msu.edu
Fri May 14 20:29:35 EDT 2021

Hello HK,

LON-CAPA 2.11.3 includes changes to cookie session handling, including this item, as documented in the release notes:

- Use 'secure' attribute for session cookie on servers using Apache/SSL (i.e., mod_ssl).

The name of the session cookie will differ depending on whether your server is using mod_ssl or not.  I recommend using mod_ssl to protect LON-CAPA sessions.

If you currently have read access to the LON-CAPA CVS repository using an ssh key (or a password, for anyone who originally received CVS access prior to 2008), then access the modules/raeburn repository and use the command:

cvs diff -b  -r 1.11 -r 1.12 monitor.pl

to see the sort of changes you might want to make to your program.
If you do not have access to the CVS repository, and have questions, contact me off-list.

Stuart Raeburn
LON-CAPA Academic Consortium
From: LON-CAPA-admin <lon-capa-admin-bounces at mail.lon-capa.org> on behalf of H.K. Ng via LON-CAPA-admin <lon-capa-admin at mail.lon-capa.org>
Sent: Friday, May 14, 2021 6:59 PM
To: LON-CAPA Admin
Subject: [LON-CAPA-admin] Any change in loncapa session cookie with version     2.11.3?


I have a program that reads the cookie for the loncapa session. It works in version 2.11.2 but it fails in 2.11.3 (at least I think that is what is causing the problem). Is there a change in how the loncapa session is now configured? Thanks.


More information about the LON-CAPA-admin mailing list