search

frumbert / wp2moodle-moodle

Moodle end of a Wordpress to Moodle Single Sign On auth plugin
28 stars 29 forks source link

Login and Session time-out problems. #15

Closed satishpechetti closed 9 years ago

satishpechetti commented 9 years ago

Hi,

I am using wp2moodle plugin for SSO. It is working great but I have some issues. One is when an user(wp2user) changes his/her password in moodle through edit user setting, the plugin is not allowing that user to get into Moodle through WordPress. Second one , WordPress session exists even though Moodle session expires, I want to logout of both WordPress and Moodle on Moodle session expiry. on Moodle session expiry I want redirection to WordPress home page. Please help me through the above issues.

Thanks in Advance. Satheesha

frumbert commented 9 years ago

This is a one-way data transaction. Wordpress controls Moodle, not the other way around - so what happens in one system doesn’t necessarily affect the other.

You will probably want to look into disallowing the user to change their password on the Moodle end (https://docs.moodle.org/25/en/Roles_FAQ#How_can_I_prevent_a_user_from_changing_their_own_password.3F https://docs.moodle.org/25/en/Roles_FAQ#How_can_I_prevent_a_user_from_changing_their_own_password.3F) - you could also consider them not being able to change their whole profile, but password is generally enough.

Session expiry is also tricky because the user is generally focussed on one site at a time. However, you can set an action on the Moodle-end logout to redirect to Wordpress via the plugin configuration screen in Moodle, which has a “logout url” field. Set this to http://<your-wordpress-url/wp-login.php?action=logout to mimic what wordpress does on a logout.

Hope this helps!

Tim St. Clair http://frumbert.org/ http://frumbert.org/

On 8 Apr 2015, at 10:58 pm, satishpechetti notifications@github.com wrote:

Hi,

I am using wp2moodle plugin for SSO. It is working great but I have some issues. One is when an user(wp2user) changes his/her password in moodle through edit user setting, the plugin is not allowing that user to get into Moodle through WordPress. Second one , WordPress session exists even though Moodle session expires, I want to logout of both WordPress and Moodle on Moodle session expiry. on Moodle session expiry I want redirection to WordPress home page. Please help me through the above issues.

Thanks in Advance. Satheesha

— Reply to this email directly or view it on GitHub https://github.com/frumbert/wp2moodle-moodle/issues/15.

satishpechetti commented 9 years ago

Hi Thanks for your valuable reply. I need some more information about what is the role of Encryption key in the plugin and Link time out field in Moodle side configuration.

Thanks in advance Satheesha

frumbert commented 9 years ago

The encryption key needs to be the same value on both the Wordpress and Moodle end. It uses the value in this box to securely encrypt the user data. It doesn’t matter what the value is here, as long as it’s the exact same thing on both applications.

The timeout ensures that the link that is generated in Wordpress is only valid for a given time period (e.g. 15 minutes since it was generated) so that the link can’t be copied and shared around.

Tim St. Clair http://frumbert.org/ http://frumbert.org/

On 9 Apr 2015, at 5:38 pm, satishpechetti notifications@github.com wrote:

Hi Thanks for your valuable reply. I need some more information about what is the role of Encryption key in the plugin and Link time out field in Moodle side configuration.

Thanks in advance Satheesha

— Reply to this email directly or view it on GitHub https://github.com/frumbert/wp2moodle-moodle/issues/15#issuecomment-91138556.