center-for-knowledge-communication / mathspring

Mathspring website
http://mathspring.org

Security Issue: Unauthorized access to another session #185

Open mkartik opened 4 years ago

mkartik commented 4 years ago

A student could access another student's session (thereby gaining full control over changes to that student's progress) by updating the sessionId field in the URL. (http://localhost:8080/ms/TutorBrain?action=MPPReturnToHut&sessionId=77028&elapsedTime=&eventCounter=2&probId=1200&topicId=-1&learningCompanion=Jane&var=b#)

IvonArroyo commented 4 years ago

I wonder what would happen to the first user who logged in with that sessionID. Would they be kicked out? Or continue working?

For instance, when somebody else signs in as you with the same username/password (it has happened before), the first one gets a message saying that their "session ID is invalid". I have been thinking for a long time that this message should change to say "Somebody else appears to have signed in as you from another device, so you are not logged in any more. If you go to mathspring.org and log in again, you will kick them out."

What do you think of this as a solution?
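The two points raised in this thread, the sessionId taken from the query string (mkartik's report) and the "second login invalidates the first" behaviour (IvonArroyo's reply), are illustrated below in one added Python sketch. It is not Mathspring's code and does not use its classes; the `SessionStore`, the `Session` dataclass and the two handler functions are hypothetical. It assumes session ids in the vulnerable design are sequential integers (the report's URL shows sessionId=77028), that each session belongs to exactly one student, and that the real application has a login cookie the handler could trust instead of the URL. The vulnerable handler trusts `sessionId` from the URL; the hardened one takes identity from the cookie-bound session and refuses any URL `sessionId` that does not match it, while `login()` invalidates a student's previous session the way the reply describes.

```python
"""Added illustration of the sessionId IDOR and of single-active-session
login. Hypothetical in-memory stores stand in for the tutor's database."""
import itertools
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    session_id: str
    student_id: str
    valid: bool = True
    progress: dict = field(default_factory=dict)


class SessionStore:
    """Hypothetical session table. guessable_ids=True models the reported
    design (sequential integers); the default issues random tokens."""

    def __init__(self, guessable_ids=False):
        self._by_id = {}
        self._active = {}                       # student_id -> valid Session
        self._counter = itertools.count(77028)  # assumption: sequential ids
        self._guessable = guessable_ids

    def login(self, student_id):
        # A second login as the same student invalidates the first session;
        # that is what later yields the "session ID is invalid" message.
        old = self._active.get(student_id)
        if old is not None:
            old.valid = False
        sid = (str(next(self._counter)) if self._guessable
               else secrets.token_urlsafe(32))
        session = Session(sid, student_id)
        self._by_id[sid] = session
        self._active[student_id] = session
        return session

    def get(self, sid):
        return self._by_id.get(sid)


def vulnerable_return_to_hut(store, query):
    """Mirrors the reported behaviour: identity comes from ?sessionId=..."""
    session = store.get(query.get("sessionId"))
    if session is None or not session.valid:
        return 400, "session ID is invalid"
    # Whoever typed this sessionId now writes that student's progress.
    session.progress["lastProb"] = query.get("probId")
    return 200, session.student_id


def hardened_return_to_hut(store, query, cookie_sid):
    """Identity comes from the login cookie; the URL's sessionId must match."""
    auth = store.get(cookie_sid)
    if auth is None or not auth.valid:
        return 401, ("Somebody else appears to have signed in as you from "
                     "another device, so you are not logged in any more.")
    if query.get("sessionId") != auth.session_id:
        # Another student's id in the URL is an authorization failure:
        # refuse without loading or touching that session at all.
        return 403, "sessionId does not belong to this login"
    auth.progress["lastProb"] = query.get("probId")
    return 200, auth.student_id


def demo():
    """Returns (attack status, blocked status, kicked status, old session valid)."""
    weak = SessionStore(guessable_ids=True)
    alice = weak.login("alice")
    weak.login("bob")
    # Bob edits the URL to Alice's predictable id and overwrites her progress.
    attack = vulnerable_return_to_hut(
        weak, {"sessionId": alice.session_id, "probId": "1200"})

    strong = SessionStore()
    alice2 = strong.login("alice")
    bob2 = strong.login("bob")
    # Same trick against the hardened handler: Bob's cookie, Alice's URL id.
    blocked = hardened_return_to_hut(
        strong, {"sessionId": alice2.session_id, "probId": "1200"},
        bob2.session_id)
    # Alice logs in again elsewhere; her first session is invalidated.
    strong.login("alice")
    kicked = hardened_return_to_hut(
        strong, {"sessionId": alice2.session_id}, alice2.session_id)
    return attack[0], blocked[0], kicked[0], alice2.valid


if __name__ == "__main__":
    print(demo())
```

The hardened handler keeps the `sessionId` query parameter only so existing URLs still work; the authorization decision never depends on it. Random session ids close the enumeration path but are not the fix on their own, because a leaked or shared URL would still hand over the session; binding the session to the login cookie is what stops one student from acting on another's progress.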