search

apluslms / a-plus

A+ frontend portal - A+ LMS documentation:
https://apluslms.github.io/
Other
67 stars 72 forks source link

Force the student to log in again during online exams #545

Open markkuriekkinen opened 4 years ago

markkuriekkinen commented 4 years ago

Sanna's suggestion. This needs to be discussed more before anything could be done. We could say that this idea is not worth implementing since it would be still easy to cheat even with this change.

Context: online exams in A+ (done at home without proctoring) that are time-restricted (e.g., only 3 hours to take the exam)

Student should sometimes randomly be required to re-log in to A+ during the exam. This implies that the student must know the correct password for the user whose account was used to log in to the system. This could make it a bit harder to do exams for another person. (A friend could answer to the questions on someone's behalf. Students might be unwilling to share their password to a friend.)

A good time for forced re-login could be when the student tries to submit to an exercise. The system should not lose the submission even though if forces re-login. Since A+ login is based on single sign-on systems (Shibboleth, HAKA federation, Google accounts), the session should be killed in the identity provider first so that the student is really required to enter a password when he/she is required to log in again.

raphendyr commented 4 years ago

Student should sometimes randomly be required to re-log in to A+ during the exam. This implies that the student must know the correct password for the user whose account was used to log in to the system. This could make it a bit harder to do exams for another person. (A friend could answer to the questions on someone's behalf. Students might be unwilling to share their password to a friend.)

I would argue that if the person is ready to cheat, they would share the password. Specially during remote work, I don't see way to do this easily without sharing the password. Thus, this change would only make userinterface annoying for most of the users.

The system should not lose the submission even though if forces re-login.

This could be done so, that the submission is accepted, but not send to the assessment tool before the relogin.

the session should be killed in the identity provider first so that the student is really required to enter a password when he/she is required to log in again.

This could maybe be possible with the the global logout url in shibboleth.