Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-75083

Login form double submission leads to invalid login

    XMLWordPrintable

Details

    Description

      The login form does not prevent double submission. And a double submitted login form leads to an invalid login token error.

      This is because the first submission logs in the user and invalidates the 'anonymous session' (a new session cookie is set on successful login). The second submission reaches the server with the same login token and session cookie meanwhile invalid. The server response from the first request is ignored by the browser since the second submit action cancelled the first request client-side.

      This behaviour is annoying for users because some are double clicking (you have to double click slow enough ) the login button intentionally (thinking they have to) without knowing the effect. And others are impatient or missing the browser's page loading indicator and clicking again. The error message "Invalid login, please try again" the user sees is the same as for a wrong username/password. Therefore the same happens again and again because the user is not taught to do better.

      I found MDL-38555 that implemented some JavaScript code to prevent double submissions for Moodle forms. Sadly the login page isn't using the forms library.

      A patch is attached that reuses the code from MDL-38555 and applies it to loginbtn within the core/loginform template.

      Attachments

        1. loginform-prevent-double-submission.patch
          0.4 kB
        2. MDL-75083_master.mp4
          699 kB
        3. MDL-75083_v311.mp4
          572 kB
        4. MDL-75083_v400.mp4
          628 kB

        Issue Links

          Activity

            People

              jojoob Johannes Burk
              jojoob Johannes Burk
              Mathew May Mathew May
              Ilya Tregubov Ilya Tregubov
              John Edward Pedregosa John Edward Pedregosa
              David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo, Huong Nguyen, Barbara Ramiro, Bas Brands, Mathew May, David Woloszyn, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                22/Aug/22

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 hours, 25 minutes
                  3h 25m