Dodona
Detect, flag or block multi-session login #2850
Replies: 1 comment 1 reply
-
|
Right now, we don't log and store any sign in information at the application level so there is no easy way of doing this. If we would like to implement this feature, we would have to add the devise Trackable model to our user object and change our session storage strategy. Currently, we can't sign someone out/invalidate a session server side. Note that this would probably also give a false sense of security since you can always sign in again. |
Beta Was this translation helpful? Give feedback.
-
|
Additional remark from @thepieterdc: people using an IDE plugin (and thus the API) don't sign in at all and use an API token instead. |
Beta Was this translation helpful? Give feedback.
-
For examinations or tests, it would be useful to be able to block logins with the same account from more than one session or machine. Secret links or code could e.g. be shared (through a separate communication channel, but we even witnessed students using a Dodona exercise as communication channel!) with other students logging in with the same account. This is still a (non-technical) security hazard.
Beta Was this translation helpful? Give feedback.
All reactions