MDL-9166 auth plugins can prevent showing of last logged in user; merged from MOODLE_...

diff --git a/login/index.php b/login/index.php
index 4e4d63a6e7c14ab86c5cb1a609629e9b82a028c4..5f1aa4f2bc4e43b8b3346714118a0ff2559bfd5a 100644 (file)
--- a/login/index.php
+++ b/login/index.php
@@ -165,7 +165,14 @@ httpsrequired();
 
 
             update_user_login_times();
-            set_moodle_cookie($USER->username);
+            if (empty($CFG->nolastloggedin)) {
+                set_moodle_cookie($USER->username);
+            } else {
+                // do not store last logged in user in cookie
+                // auth plugins can temporarily override this from loginpage_hook()
+                // do not save $CFG->nolastloggedin in database!
+                set_moodle_cookie('nobody');
+            }
             set_login_session_preferences();
 
             /// This is what lets the user do anything on the site :-)