Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-41223

Being prompted to logout when logging in

    XMLWordPrintable

    Details

      Description

      SUMMARY

      I need to have a couple of links giving the user the choice to login using the English or French login page. I am using Moodle 2.5.1.

      WHAT'S HAPPENING

      The problem is, under certain circumstances, the user is prompted to logout upon successfully login in. They get a message similar to:

      "You are already logged in as Michael Milette, you need to log out before logging in as different user."

      I have tested this with several themes including the Standard (Vanilla), Clean and Standard (legacy) themes. It happens with all of them so this is not theme related. I have also tried it in various environments including Apache on Windows (local install) and on Linux (on a live web server) and the outcome is the same.

      DESIRED BEHAVIOUR

      If you are logging in from any page other than the login page, you should be redirected back there (example, if logging in from a block on the home page).

      If you are logging in from the login page, you should be redirected to the referrer page only if it was within the moodle side. Otherwise you should be redirected to the moodle home page.

      Ideally, if logging in from the login page and you fail to login, the original referrer must be maintained. The test to see if you are coming from the login page should work whether the URL has or doesn't have parameters like ?lang=xx. Alternatively, they should be redirected to the home page, but never to the login page.

      REPRODUCING THE ISSUE

      Here is how to reproduce the issue using Moodle 2.5.1 (probably previous versions too):

      Step 1) Go to:

      http://yoursite.com/login/index.php?lang=en
      or
      http://yoursite.com/login/index.php?lang=fr

      The ?lang=xx is important to meet my requirements. Unfortunately it seems to be the cause of the problem. Without it, everything works as expected.

      Step 2) Fail your first login attempt.

      Step 3) Successfully login on the second or third attempt.

      Step 4) You will be asked whether you really want to logout. THIS IS THE FIRST PROBLEM! You should not be prompted to logout while trying to login.

      Step 5) If you click continue, you will always be prompted to logout each time you successfully attempt to login, even if you get it on the first attempt. THIS IS THE SECOND PROBLEM. Your choice in one session should not affect the next login session. If we resolve the first issue, this one should no longer be an issue.

      Alternatively, if you click Cancel at the prompt, the cycle will end and you will be able to login normally on subsequent logins.

      ADDITIONAL INFORMATION

      From what I can see in the source code of /login/index.php, if you fail to login on the first attempt, the system ends up thinking that the login page is where you are coming from because of the ?lang=xx parameter. Once you have successfully logged in, it redirects you to where you were trying to go in the first place. Unfortunately it thinks you were trying to go to the login page.

      POTENTIAL SOLUTION

      Line 277 of /login/index.php is currently:

      $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/index.php')

      A better test would probably be...

      strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/index.php') !== 0)

      or even...

      strncmp($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/index.php', strlen($CFG->httpswwwroot.'/login/index.php'))

      Can we get this fixed for all future releases of Moodle?

      Best regards,

      Michael

        Attachments

          Activity

            People

            Assignee:
            skodak Petr Skoda
            Reporter:
            michael-milette Michael Milette
            Peer reviewer:
            Ankit Agarwal
            Integrator:
            Marina Glancy
            Tester:
            Dan Poltawski
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              11/Nov/13