Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-34965

When the session expires redirect the user to the login page instead of login it as guest

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.4
    • Fix Version/s: 2.4
    • Component/s: Authentication, Usability
    • Labels:
    • Testing Instructions:
      Hide

      This issue must be tested with MDL-35029 integrated.

      1. Login as an admin
      2. Enable Users -> Permissions -> User policies -> autologinguests
      3. Enable Server -> Session handling -> dbsessions if it's not already enabled
      4. Edit the database and set mdl_config->sessiontimeout to 3 seconds (or you can use the UI to set the session timeout to the lower value and wait until the session expires)
      5. Logged as an admin, teacher or student go to a course without guest access
      6. After 4 seconds refresh the screen
      7. You SHOULD be redirected to the login page
      8. Enter your username and pwd and click 'submit'
      9. You SHOULD be logged in and you SHOULD be redirected to the course page
      10. Probably you will want to restore your $CFG->sessiontimeout value
      Show
      This issue must be tested with MDL-35029 integrated. Login as an admin Enable Users -> Permissions -> User policies -> autologinguests Enable Server -> Session handling -> dbsessions if it's not already enabled Edit the database and set mdl_config->sessiontimeout to 3 seconds (or you can use the UI to set the session timeout to the lower value and wait until the session expires) Logged as an admin, teacher or student go to a course without guest access After 4 seconds refresh the screen You SHOULD be redirected to the login page Enter your username and pwd and click 'submit' You SHOULD be logged in and you SHOULD be redirected to the course page Probably you will want to restore your $CFG->sessiontimeout value
    • Affected Branches:
      MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_24_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-34965_master

      Description

      With guest autologin (Users -> Permissions -> User policies -> autologinguests) when a user session expires the user is autologged as a guest; probably the user is more interested in login again and view the page he/she was viewing with his/her own user instead of as a guest user.

      This behaviour has been detected peer reviewing MDL-32688, probably this is not the only place with the "autologin as guest" feature causes this sort of error when the session expires and it can be managed in a centralized way by require_login() allowing the user to relogin instead of showing an error or a guest-adapted interface

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    3/Dec/12