- Posts: 23
- Thank you received: 2
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Force new login
- katcher01
- Topic Author
- Offline
- Junior Member
Less
More
7 years 4 months ago #146099
by katcher01
Force new login was created by katcher01
I would like to always force a new login to limesurvey for each user. Is there any reason why I could not comment out the following line from
application\controllers\admin\authentication.php
$this->_redirectIfLoggedIn();
forcing a login if the login page is called?
thanks
Eric
application\controllers\admin\authentication.php
$this->_redirectIfLoggedIn();
forcing a login if the login page is called?
thanks
Eric
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13643
- Thank you received: 2491
7 years 4 months ago #146108
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Force new login
I didn't understand ?katcher01 wrote: I would like to always force a new login to limesurvey for each user.
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- katcher01
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 23
- Thank you received: 2
7 years 4 months ago - 7 years 4 months ago #146151
by katcher01
Replied by katcher01 on topic Force new login
Hi Denis, users must log into our portal in order to use our limesurvey instance. Our access to limesurvey is through a central token based login. The token is authenticated than the users username is passed to limesurvey. If the user does not exist it will be created. Only professors and staff can be survey admins.
If a user does not logout it is possible that the next user, on a public computer, can login to our portal, select the link to access limesurvey but since the cookie still exists, the user will have the previous users identity. I have commented out the redirect if logged in thus hopefully forcing the token validation. Does that make sense? I hope it is more understandable. Also, I realize that this will only be an issue on a public computer.
Thanks
Eric
If a user does not logout it is possible that the next user, on a public computer, can login to our portal, select the link to access limesurvey but since the cookie still exists, the user will have the previous users identity. I have commented out the redirect if logged in thus hopefully forcing the token validation. Does that make sense? I hope it is more understandable. Also, I realize that this will only be an issue on a public computer.
Thanks
Eric
Last edit: 7 years 4 months ago by katcher01. Reason: forgot some info
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13643
- Thank you received: 2491
7 years 4 months ago #146159
by DenisChenu
You must put a very little time for session if you need to put a very little time.
code can do nothing .
$this->_redirectIfLoggedIn(); only redirect if you try to log with a different url than survey/index.
We don't have any- cookies except $_SESSION coockiez : then if your admin close the browser : $_SESSION is out.
But here : think the only solution is secure.php.net/manual/en/session.configu...sion.cookie-lifetime
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Force new login
The issue is here ...katcher01 wrote: If a user does not logout it is possible that the next user, on a public computer....
You must put a very little time for session if you need to put a very little time.
code can do nothing .
$this->_redirectIfLoggedIn(); only redirect if you try to log with a different url than survey/index.
We don't have any- cookies except $_SESSION coockiez : then if your admin close the browser : $_SESSION is out.
But here : think the only solution is secure.php.net/manual/en/session.configu...sion.cookie-lifetime
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.