Moodle

This is a critical issue to me. We value the courses we teach over the internet and need to protect against a person sharing their login information with others thus allowing them to use our courses without paying. Perhaps this issue (MDL-12587) is not the complete solution to this problem, but it is a start.

Hi. This is the last step for us to be able to launch our product to our customers. The closest explanation I have seen was posted on 11/6/05 as follows. I am not quite sure how to edit the user table in order to add a field to hold the session key, but since I access my Moodle remotely via FTP, I would have to gain access to the "tmp folder" and that would be a bit tricky because Moodle 1.9 is hosted by another company. I would like GUEST to continue to be accessed by multiple users on the same GUEST account. If this could be addressed, or if it is simple enough for me to handle, could you provide some steps on how to accomplish it.

SOLUTION POSTED ON 11/6/05:

• the field added to the user table holds the session key which is to be compared on every access to the site;
• on subsequent access using same username, session key is to be replaced by the new session key;
• this will log out the old user when the session keys do not match.

This will allow only the latest user to be logged in and the earlier one to be logged out. The sessions are stored on the server as files in the tmp folder. What we can do is to check for the existence of the old session on the server disk and get rid of it. This will automatically log off the first user. Now, we can store the new session id in the user database.

Hello,

The ability to limit a login to one user at a time is important to me too. I am surprised that Moodle allows multiple users to login simultaneously with one login credential. Moodle is so security conscious, I expected the security to extend to limiting simultaneous use of login credentials.

I took the solution idea posted on 11/6/05 and expanded on the code to limit access to one user logged in at a time using the same credentials. When user 2 logs in, user 1 is logged out. User one can then log back in and change his password to block user 2.

The logic also limits the login to 2 hours per day so you can't login one time and allow multiple users to use Moodle. If you log out, the system remembers the time remaining for that day so you can log back in and use the remaining time. I added a "Session Time" block so the user will know how much time he has left for that day.

This works OK in Moodle 1.9.9 but I am not sure it will work on Moodle 2.0 without some editing. If anyone would like to see my code hack, send a request to cprudhoe@musapp.com.

Clarence

Hello,

If anyone is interested, I developed a code hack that will block simultanious users using the same username and password. My script will also limit the session time to X hours per day.

I added the solution to the following forums because that is where all the discussion has taken place. So maybe others will find it and find it usful.

http://moodle.org/mod/forum/discuss.php?d=34457#p674481

http://moodle.org/mod/forum/discuss.php?d=22401#p674479

Clarence

Please don't post code in the forums. Post it here and link to it if necessary.