Moodle community sites

Hi,

For me :

1. it's NOT a barrier
2. I'll prefere to login again, and then knowing what message(s) have been read (or not)
3. I'll prefere that users have to login, better than being automatically connected as guests

Séverin

I do not know about these talks, also can't understand what there to talk about. For me, it is the simplest thing in the world, and that not my invention either. Here it goes:

1. for all the visitors who have no login on moodle.org
If one visits an URL, whether high-level one like https://docs.moodle.org or a deep one like https://docs.moodle.org/28/en/Upgrading_FAQ#I_have_custom_code_in_my_site._How_do_I_upgrade.3F,
a) just deliver that resource, if that resource is public.

Do not start discussing about guest logins with non-moodlers, that is an odd thing to explain.

b) if that resource is available only for registered users, say so, and offer a login box and also a button to start the registration process.

If they don't want to comply, hard luck!

2. for all who have a login on moodle.org but are not logged on at the time.
Exactly the same behaviour as in item 1.
a) the information is public. Show it without hassle!

b) the information needs a login. Give them the same choice: either enter their login, register with a new login or no access!

That is all to it, I guess! Well, case 3, have a login and also logged in, there is nothing to explain, right? Have a login and has ticked "Remember me" at the last login, then already fill the login name in the login box. If they have saved the password too, through a mechanism in the browser, the browser fill that one too. The user still has to click on "Login now". Well, all that is handles by the browser anyway.

This talk about remembering where the user has been: That sounds to me like the typical bait to retain user data. Has some manager sold some ideas of the great benefits of data-laundering to HQ?

I think Dan's questions miss the main point:

In 2014, almost every other web system (Facebook, Twitter, Linked In, ...) offers a "Keep me logged in on this computer" option on the login page.

Moodle has never offered this.

I think we should add that option. It not only solves the problems in this thread, it is just a nice features to have.

(Of course, it needs to be implemented properly. If you get it wrong, that is a security risk. However, as I say, many other people have done it, so there shoudl be a secure pattern we could follow.)

There is a more sophisticated version of doing this (which I think is what Google does). The 'keep me logged' in is good enough for most read-only tasks on the site. However, at the point where you start trying to do something more serious (hit reply on a forum post, try to edit your profile), at that point it gets you to re-log-in, before you can do the more dangerous operation. That would require more of a change to the require_login API (unless we did it in require_capability, and detected any capability with a 'write' or 'risk', and made them trigger a re-log-in.)

1. A barrier for people who aren't signed up and are just googling for answers. But for people with a registration I guess it's more of a frustration. Something I constantly grrr at .

2. Log in as guest. I only need to log in if I'm replying or need to subscribe.

3. Not sure it really affects many sites. Moodle.org is a different story compared to most Moodle sites.

Tim Hunt: "In 2014, almost every other web system (Facebook, Twitter, Linked In, ...) offers a "Keep me logged in on this computer" option on the login page.

Moodle has never offered this."

+1 for this. (Is there a tracker issue? :P)