Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-11972

Session time-out detected during a POST request should not cause dataloss

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.5, 1.9
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
    • Environment:
      All
    • Database:
      Any
    • Affected Branches:
      MOODLE_15_STABLE, MOODLE_19_STABLE

      Description

      Hello!

      We are not very new to moodle, we use it for about two years, but this year is the first we've started a wide usage of moodle in studying process. We have started using tests in studying process since september 1, so we have some little expirence in testing of students.

      Today is the first day we've used moodle for testing at unit control. This is a very important test; the mark student got at this test is a half of all cource mark. All teaters MUST mark students.

      We've got a problem today. The main difference between tests we've used before and the test we've used today is that all previous tests contained maximum 10-15 questions for 10-15 minutes to pass. The test we've used today contained more then 50 questions and the time to answer the test was about 1.5 hour.

      We find it not a confortable to split questions on many pages, so in all tests, including today's test we've showed all questions at a single page. The result was that when students completed answering ant when thay was trying to save-and-finish the test, they've got a 'session timout' error, and all the data was lost.

      That may wouldn't be a big problem for us, but 100 students have lost their answers today. We've lost more then 3 hours testing them. And now it's seems we need to repeat the test, to geather all that students again and to make them to pass the test again. This is really a big serious problem.

      We understand that this problem occured because of our low expirence in using moodle. Now we known ways we could make this problem not to occur: we could split questions to many pages, we could increase session lifetime, we could ask students to save w/o submitting and so on. We did not know about this problem today's morning, we didn't do anything to prevent it and so now we have a great headache.

      If've searched your moodle.org forums and i've find that many people had a headache like ours.

      Some simple technical features could prevent that headache for us, and, i think, for many people:

      1. The main, and the most simple. Save all POST variables in a separate log (stripping passwords, of course). Saving togather with all GET variables would be useful. That log may not be accessible via web-interface, but is SHOULD exist. I'm a web-programmer, and it is unconditionally more simple task for me to write a script that would restore test results from that log, then to geather 100 students and to trifle away more 3 hours re-testing them. This simple log could solve many other problems, and could be useful itself: this may help to restore ANY data lost because of session timeout, not only quiz; this log may help you to get additional information while fixing bugs. I've implemented this log in my CMS and i've used it many times to investigate hacker's and spammer's activities; it has helped me to find real persons flooded at my site anonimously. I think this very simple log is absolutely useful, even without any additional web-interface or any other featers around it. I think database is the best place for that log; using gzcompress(serialize(array($_GET,$_POST))) would be the best choice, IMHO; automatic cleaning of old items will prevent the log from repletion, but i think this is trivial.

      2. Making simple empty ajax-queries to server every 5 minutes will prevent sessions from timeout until browser is closed. Without regarding of server sessions configuration. This will lead to that we'll not be required to split questions to many pages anymore, users who write messages in a forum for a long time, will not be required to rewrite their messages if a session is timed out; this will not make some people using session.gc_probability=0 or a very long session.gc_maxlifetime - these two last features may easily lead to lack of free disk space.

      3. I think that would be a good feature, if moodle would write a special warning message, showed to teachers, if a quiz timeout is greater then the session timeout. A separate system warning about possible problems with sessions and an additional notification to use `Save without submitting` button, showed to all students, if they have JavaScript switched off (leading to that empty ajax queries will not be executed and session still may time out). Teachers may have great expirence using moodle, not students. Teachers may notify students to use that button if they are near the studens. But if a student is far from the teacher, this becomes impossible, and the moodle becomes the only one who may tell students about possible problems.

      4. If a session is timed out at a POST-query, it would be a good practice to store all POST-variables in a NEW session and to get users back to their form filled with data they've posted after a user re-logged-in. For example, re-filled quiz or re-filled forum reply form; data for this form may be got from current session. This will allow users to save their data even if session is timed out. You may even implement a question i've seen at some mobile phones: "You have not saved a previous message. Would you like to continue with prevous message or to create a new empty message?"

      Thank you for attention.
      Hope my four feature requests will be implemented and will prevent many peoples from long hours of headache.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                7 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated: