search

SafeExamBrowser / seb-win-refactoring

Safe Exam Browser for Windows.
https://www.safeexambrowser.org/news_en.html
Mozilla Public License 2.0
170 stars 109 forks source link

Session Integrity kills my way to handle Exam-PCs #790

Open Perkaplex opened 7 months ago

Perkaplex commented 7 months ago

Hello guys,

every time a SEB session is not clean closed and startet egain an Error is shown and forces the user to unlock SEB with the administrator password due to a corrupted session (forced by session integrity).

Reproduce: Start SEB 3.6 Shutdown the PC without closing SEB (e. g. scedduled Task set to a specific time) Restart PC and SEB look at red Screen and requiered password

As with SEB v 3.4.0.480 i expected the SEB not to ask for the Password to unlock after an hard restart of the PC without clean closing of SEB.

Screenshots & Logs SEB Fehlermeldung

Thats what the logs say:

2024-01-23 14:59:48.213 [01] - INFO: Attempting to verify session integrity... 2024-01-23 14:59:48.213 [01] - DEBUG: [IntegrityModule] Successfully verified session integrity, session is compromised! 2024-01-23 14:59:48.229 [01] - WARNING: Session integrity is compromised! 2024-01-23 14:59:48.244 [07] - DEBUG: [ClientHost] Received connection request with authentication token '7609ad5c-d929-428c-8611-caf4450f8340'. 2024-01-23 14:59:48.244 [07] - DEBUG: [ClientHost] Accepted connection request. 2024-01-23 14:59:48.260 [13] - DEBUG: [ClientHost] Received message 'SimpleMessage -> Authenticate', sending response 'AuthenticationResponse'. 2024-01-23 14:59:48.276 [17] - DEBUG: [ApplicationMonitor] Window has changed from '' (66316) to 'ActionCenter' (66330). 2024-01-23 14:59:48.733 [24] - INFO: [Browser Window #1] Navigated. 2024-01-23 14:59:48.841 [24] - DEBUG: [KeyGenerator] Initializing browser exam key... 2024-01-23 14:59:49.234 [31] - INFO: Showing lock screen...

Version Information

Context

After a long time, i installed SEB 3.6.0.633 last week, until then we used SEB 3.4.0.480. We have 108 Dell Optiplex 5070 Computers running Windows 11 23H2 with Systembuild 22631.3007.

To manage these PCs we use Images. One exactly identical PC is in my Office and every MS-Patchday i install the Updates, Capture the Image from that PC and Deploy it to the 108 PCs in the Exam-PC-Pools. To take Exams we use the LMS StudIP with the vips addon. The PCs are turned on via Wake on LAN 15 Minutes before an Exam, an user is auto logged in and via scedduled Task the SEB is started 1 min later (so the SEB service has enough time to start). After the Exam is finished i shut the PCs down using the client from the Imageing Service (FOG). The "hard" shutdown and with that the killing of the SEB Process leads to closing the SEB-session not as intendet and in corruption of the session Integrity. And that leads to an Error every next time the SEB starts:

I didnt find a way to handle this error. Yesterday we have had an exam with 100 Students and 4 of us have had to go around and type the password manually in. We dont want that! :D

In the Configfile i cant find a point to turn session integrity off. Hoped to address this issue with the "Session Handling" section but no.

Is there a solution for my Problem? Maybe a commandline to end SEB clean or a setting i didnt see?

dbuechel commented 6 months ago

Thanks for the report. At the moment, the session integrity verification cannot be deactivated, but I think we'll indeed need to implement a configuration option for it. The backlog for the upcoming version 3.7.0 is unfortunately already full, but I think we'll be able to implement the improvement for version 3.8.0.

dbuechel commented 2 months ago

There is now a new configuration option under Security > Enable session verification. It can be tested in the latest beta build for version 3.8.0: https://sebdev.ethz.ch/api/buildjobs/6xrb461ljs5f8nnv/artifacts/SEB_3.8.0.692_SetupBundle.exe.