Feature #6499

Prevent double login

Added by Yannick Warnier about 6 years ago. Updated almost 3 years ago.

Status: Feature implemented
Priority: Low
Assignee: -
Category: Global / Others / Misc
Target version:
Start date: 30/07/2013
Due date:
% Done: 100%
Estimated time:
Complexity: Normal
SCRUM pts - complexity: ?

Description

There have been many discussions (both online and offline) about preventing the same user from logging in twice at the same time from two different machines.

The issue isn't very easy to solve, because blocking a user based on a specific computer is a bit tricky (IP addresses are only valid if there is no NATting and user agents can be the same), and the logic would be "the first user connecting is the right one", which might not always be correct.

Also, when you want to connect from another computer because the first one has "burnt", for example (or just froze) and you are giving a time-limited exam, having a single-login policy would imply waiting for some time after the session on the other side expired naturally (which is currently something around 30 minutes) to be able to log in again, which would clearly put you in a bad situation in an exam...

So if implementing this feature, it should go along a global setting to enable it, to avoid frustration.

In my view, the setting should go into the "Security" section of the configuration settings. Something like:

INSERT INTO settings_current
(variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url_changeable)
VALUES
('prevent_multiple_logins', NULL, 'radio', 'Security', 'false', 'PreventMultipleSimultaneousLoginTitle', 'PreventMultipleSimultaneousLoginComment', NULL, NULL, 1);

INSERT INTO settings_options (variable, value, display_text)
VALUES
('prevent_multiple_logins', 'true', 'Yes'),
('prevent_multiple_logins', 'false', 'No');

Then the logic should probably be modified around line 242 of main/inc/local.inc.php to check the existing ongoing open sessions, and another one should be added to conditional_login() functions called at the beginning of the same script.

I'm setting this for version 1.10 (for which the above will change slightly), but it is not a priority. It is mostly so people wanting to implement it before then (i.e. in 1.9.*) can know where to start.
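
The trade-off described above, as an added example that is not Chamilo's code: a minimal single-session guard in PHP (8.0+) showing what each policy does when the same user logs in from a second machine. The class, method and policy names are hypothetical, and the 1800-second idle timeout stands in for the roughly 30-minute session expiry mentioned in the description.

```php
<?php
// Added illustration, not Chamilo code. Class, method and policy names are hypothetical.
final class SingleLoginGuard
{
    public const FIRST_WINS = 'first_wins'; // reject the second login
    public const LAST_WINS  = 'last_wins';  // accept it and displace the older session
    /** @var array<int, array{sid: string, seen: int}> one tracked session per user id */
    private array $active = [];

    public function __construct(
        private bool $enabled,           // stands in for the prevent_multiple_logins setting
        private string $policy,
        private int $idleTimeout = 1800  // assumed: ~30 minutes of inactivity
    ) {}

    /** Returns true when the login is accepted. */
    public function login(int $userId, string $sid, int $now): bool
    {
        if (!$this->enabled) { return true; } // setting off: parallel sessions allowed
        $cur  = $this->active[$userId] ?? null;
        $live = $cur !== null && ($now - $cur['seen']) < $this->idleTimeout;
        if ($live && $cur['sid'] !== $sid && $this->policy === self::FIRST_WINS) {
            return false; // caller must wait for the old session to expire
        }
        $this->active[$userId] = ['sid' => $sid, 'seen' => $now];
        return true;
    }

    /** Call on every request; false means the session expired or was displaced. */
    public function touch(int $userId, string $sid, int $now): bool
    {
        if (!$this->enabled) { return true; }
        $cur = $this->active[$userId] ?? null;
        if ($cur === null || $cur['sid'] !== $sid || ($now - $cur['seen']) >= $this->idleTimeout) {
            return false;
        }
        $this->active[$userId]['seen'] = $now;
        return true;
    }
}
// Constructed scenario: the exam PC freezes at t=0 and the student retries from a laptop.
foreach ([SingleLoginGuard::FIRST_WINS, SingleLoginGuard::LAST_WINS] as $policy) {
    $g = new SingleLoginGuard(true, $policy);
    $g->login(42, 'sid-frozen-pc', 0);
    printf("%s: laptop at 300s=%s, laptop at 1800s=%s, frozen PC at 1801s=%s\n", $policy,
        var_export($g->login(42, 'sid-laptop', 300), true),
        var_export($g->login(42, 'sid-laptop', 1800), true),
        var_export($g->touch(42, 'sid-frozen-pc', 1801), true));
}
```

Under first_wins the laptop is refused until the idle window has passed; under last_wins it is accepted at once and the frozen PC's session is rejected on its next request.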

Associated revisions

Revision c1e17e81 (diff)
Added by jmontoyaa almost 3 years ago

Fix block of admin when setting prevent_multiple_simultaneous_login see #6499

History

#1

Updated by Noa Orizales Iglesias about 6 years ago

The main reason why users ask for this functionality is because they want to avoid multiple users in a pay-per-use course. Users want to ensure that if a course costs 200 € and one user buys it, only that person will be able to access. They want to avoid a second person (that did not pay) from connecting to the course at the same time.

#2

Updated by Luis Cordova over 5 years ago

  • Assignee set to Luis Cordova
#3

Updated by Julio Montoya over 5 years ago

Some comments:

- In 1.10 we don't use main/inc/local.inc.php any more. We use the SecurityServiceProvider
- The DB changes must be added in https://github.com/chamilo/chash

#4

Updated by Noa Orizales Iglesias about 5 years ago

  • Assignee changed from Luis Cordova to Yannick Warnier

Yannick, can you reassign this task to someone? It seems that Luis Cordova is not developing it. Ask Roberto G. if needed.

#5

Updated by Yannick Warnier about 5 years ago

  • Assignee deleted (Yannick Warnier)

It is still too early to develop this in v10. We first need to clean the SecurityServiceProvider stuff.

The priorities for v10 have not been set correctly yet, but in short we first need to review all drastic database and configuration changes.
After that we can really start with non-core stuff like this one.

#6

Updated by Yannick Warnier over 3 years ago

  • Assignee set to Nicolas Ducoulombier

Nicolas, I think this task was updated when 1.10 was not really what was released in the end. Could you check the current "prevent_simultaneous_login" setting in 1.10 works, and maybe also in 2.0, to update this task?

#7

Updated by Nicolas Ducoulombier over 3 years ago

  • Status changed from New to Assigned
  • Assignee changed from Nicolas Ducoulombier to Julio Montoya

In 1.10 and master, the option is present in the administration and there is the code corresponding to what has been developed for 1.9 but it does not work.

The 3 commits are all present but for some reason it does not work anymore.

https://github.com/chamilo/chamilo-lms/commit/88126fe2e20114c0a62dcf282b37624ac6837965
https://github.com/chamilo/chamilo-lms/commit/98a218b7d4acb7eb278750d23050521be17662d1
https://github.com/chamilo/chamilo-lms/commit/f0b412817f177627ef32cdd5a9d130df2de23707

#8

Updated by Noa Orizales Iglesias almost 3 years ago

Can anyone tell me what to do with this task, please? Can we close it?

#9

Updated by Yannick Warnier almost 3 years ago

  • Assignee changed from Julio Montoya to Angel Quiroz
  • Target version changed from 2.0 to 1.11.0

Assigning to Angel for review, but I think we already fixed it.

#10

Updated by Yannick Warnier almost 3 years ago

  • Assignee changed from Angel Quiroz to Julio Montoya

Angel already has a lot of things :-)

#11

Updated by Julio Montoya almost 3 years ago

  • Status changed from Assigned to Needs more info
  • Assignee deleted (Julio Montoya)
#12

Updated by Yannick Warnier almost 3 years ago

  • Status changed from Needs more info to Feature implemented
  • % Done changed from 0 to 100

Yup, fix confirmed. Thanks.
