"This user is already logged in"

[MAMEK70]

Describe Hello, When a user quits chamilo either by closing the navigator window, or because of a drop of internet connection (yes, it still happens), the user's session does not close. So when the user tries to re-connect, he gets rejected with an "[b]THIS USER IS ALREADY LOGGED IN...[/b]" error. The user might not be able to re-connect for a long time. Is this a normal behaviour? or is there something wrong in our set-up?

To Reproduce Steps to reproduce the behavior:

1. Close the navigator window without logging out
2. Try to reconnect
3. See error "This user is already logged in"

Expected behaviour Would it be possible that a re-connect tentative kills the already-open session, avoiding the "user already logged in" error.

Desktop

• OS: Windows 10
• Browser chrome

Server

• Version of Chamilo: 1.11.12

[ywarnier]

You seem to have enabled the prevent_multiple_simultaneous_login setting in the configuration of Chamilo ("Prevent simultaneous login"). If you remove that option, Chamilo will not complain about a session being already opened. This feature is there to prevent cheating during an exam, but it has the consequence that if your computer is cut from power, Chamilo will keep the session "awake" for a certain amount of time (which time depends on the configuration of your server and PHP and Chamilo). However, if your browser already had an open connexion to Chamilo and you reboot and return to Chamilo with the same browser, the cookie for the previous connexion should still be available and you should still be able to reconnect (without even having to enter your credentials). Now this will depend on your computer and browser configuration.

[ywarnier]

To my knowledge, this is a support request, not a bug, but feel free to correct me if somehow this is broken.

[MAMEK70]

Thanks for your swift reply. You are right. "prevent_multiple_simultaneous_login" is on. The reason being is that we use BBB (in conjunction with Chamilo) as a videoconf tool for our primary-secondary school, and the best way to prevent unauthorized users to crash our live video-courses is by using "prevent_multiple_simultaneous_login". We use Chamilo in a primary/secondary school environment for online teaching... Our very young users quite often end up in the situation described above and loose a lot of time waiting to reconnect. On the admin side, we spend a lot of time toggling the "prevent_multiple_simultaneous_login" on and off to allow users to reconnect. We will work on adapting users browser settings. I was wondering if it was possible to have the login request kill any "sleeping" session (Already seen this feature in other secured apps)? Sorry for mislabeling my question.

[shiddugmail]

Hello Friends,

Kindly let me know which file this setting needs to be done.

Thank you, Regards, Shiddu

[ywarnier]

@shiddugmail the prevent_multiple_simultaneous_login option must be set in app/config/configuration.php The setting should be present but commented. Uncomment it and set the value to "true" to enable it. If you do not see the setting, check for it in main/install/configuration.dist.php and copy it over to app/config/configuration.php

[ywarnier]

@MAMEK70 sorry for the late answer. The answer is... it's complicated and we are not able to do that in a reasonable timeframe in this major version of Chamilo. In order to be able to delete the "infringing" session, Chamilo would need to know which session file (on disk) represents which user. There is no such relationship at the moment: the web server is the one assigning a session file on disk based on the user cookie and, in the session file, there is an indication of what Chamilo user it is. But from the Chamilo side, we don't know which file on disk it is. I believe implementing this would require a change in the session-opening process to store the name of the session file inside the database (user table or track_e_login table or something like that), but this creates a series of other complex issues which would have to be attended one by one (for example, what happens when you leave the platform for some time without closing your session, or when the garbage collector goes and deletes a session file from disk after a while?)

All issues we have to little time to work on. Feel free, if you have the ability, to contribute this change to Chamilo through a Pull Request. We will happily review it and consider it for integration.

[shiddugmail]

@shiddugmail the prevent_multiple_simultaneous_login option must be set in app/config/configuration.php The setting should be present but commented. Uncomment it and set the value to "true" to enable it. If you do not see the setting, check for it in main/install/configuration.dist.php and copy it over to app/config/configuration.php

Thank you @ywarnier for your response. It was not there so added at the end the file looks like below now. But it still allows a user to login from to devices. it would be great if you can help resolve this.

// Shows the best exercise score attempt for a student in the reports. /$_configuration['add_exercise_best_attempt_in_report'] = [ 'courses' => [ 'ABC' => [88, 89], // Where ABC is the course code and 88 is the exercise id ] ];/

// One connection per user $_configuration['prevent_multiple_simultaneous_login'] = true;

// KEEP THIS AT THE END // -------- Custom DB changes // Add user activation by confirmation email // This option prevents the new user to login in the platform if your account is not confirmed via email // You need add a new option called "confirmation" to the registration settings //INSERT INTO settings_options (variable, value, display_text) VALUES ('allow_registration', 'confirmation', 'MailConfirmation'); // ------ (End) Custom DB changes

[ywarnier]

Answered in #3869

[chywUa]

Dear Chamilo LMS developers, something you with the parameter $_configuration['prevent_multiple_simultaneous_logins'] = false; outwitted If I allow simultaneous login to the system, the message "THIS USER IS ALREADY LOGGED IN" is still present. Clearing the cache, logging in under a different account, and even rebooting the system does not help. This creates a problem that makes it impossible to use the system normally.