MDL-79712 auth_lti: ensure MoodleSession uses SameSite=None Secure

The MoodleSession cookie is already set this way when using Chrome, but
not for Firefox. This is a decision made in \core\session\manager. When
Firefox eventually defaults to SameSite=Lax when the SameSite attribute
is omitted from the Set-Cookie headers, the MoodleSession cookie won't
be sent. This change ensures the cookies used during LTI launches will
continue to work if/when this happens, and despite any changes which may
be made to core's sessionlib in future.

auth/lti/classes/local/ltiadvantage/event/event_handler.php

@@ -35,16 +35,14 @@ class event_handler {
      * @return void
      */
     public static function handle_user_loggedin(user_loggedin $event): void {
-        // The event data isn't important here. The intent of this listener is to ensure that the MoodleSession cookie gets the
-        // 'Partitioned' attribute, when required - an opt-in flag needed to use Chrome's partitioning mechanism, CHIPS. During LTI
-        // auth, the auth class (auth/lti/auth.php) calls complete_user_login(), which generates a new session cookie as part of its
-        // login process. This handler makes sure that this new cookie is intercepted and partitioned, if needed.
+        // The event data isn't important here. The intent of this listener is to ensure that the MoodleSession cookie is set up
+        // properly during LTI launches + login. This means two things:
+        // i) it's set with SameSite=None; Secure; where possible (since OIDC needs HTTPS this will almost always be possible).
+        // ii) it set with the 'Partitioned' attribute, when required.
+        // The former ensures cross-site cookies are sent for embedded launches. The latter is an opt-in flag needed to use Chrome's
+        // partitioning mechanism, CHIPS.
         if (cookie_helper::cookies_supported()) {
-            if (cookie_helper::get_cookies_supported_method() == cookie_helper::COOKIE_METHOD_EXPLICIT_PARTITIONING) {
-                global $CFG;
-                cookie_helper::add_attributes_to_cookie_response_header('MoodleSession' . $CFG->sessioncookie,
-                    ['Partitioned', 'Secure']);
-            }
+            cookie_helper::setup_session_cookie();
         }
     }
 }

auth/lti/classes/local/ltiadvantage/utility/cookie_helper.php

@@ -157,10 +157,8 @@ final class cookie_helper {
                 // Set a session flag storing the method used to set it, and make sure the session cookie uses this method.
                 $cookiemethod = $cookie1received ? self::COOKIE_METHOD_NO_PARTITIONING : self::COOKIE_METHOD_EXPLICIT_PARTITIONING;
                 $SESSION->auth_lti_cookie_method = $cookiemethod;
-                if ($cookiemethod === self::COOKIE_METHOD_EXPLICIT_PARTITIONING) {
-                    // This assumes secure is set, since that's the only way a paritioned test cookie have been set.
-                    self::add_attributes_to_cookie_response_header('MoodleSession'.$CFG->sessioncookie, ['Partitioned', 'Secure']);
-                }
+
+                self::setup_session_cookie();
             }
         }
     }
@@ -210,6 +208,24 @@ final class cookie_helper {
         }
     }
 
+    /**
+     * Sets up the session cookie according to the method used in the cookie check, and with SameSite=None; Secure attributes.
+     *
+     * @return void
+     */
+    public static function setup_session_cookie(): void {
+        global $CFG;
+        require_once($CFG->libdir . '/sessionlib.php');
+
+        if (is_moodle_cookie_secure()) {
+            $atts = ['SameSite=None', 'Secure'];
+            if (self::get_cookies_supported_method() == self::COOKIE_METHOD_EXPLICIT_PARTITIONING) {
+                $atts[] = 'Partitioned';
+            }
+            self::add_attributes_to_cookie_response_header('MoodleSession' . $CFG->sessioncookie, $atts);
+        }
+    }
+
     /**
      * Set a test cookie, using SameSite=None; Secure; attributes if possible, and with or without partitioning opt-in.
      *