It isn't Moodle, it is Google. Students could access the previous
users Google account just by going to Google without ever touching
Moodle>
That is not the case. The Google for education accounts cannot be accessed directly. Students who try that are redirected to our Moodle platform to login there first.
While I haven't used this feature, I do have a few suggestions that might help.
Solution #1: Educate students
You
need to teach your students the purpose of the "Stay signed in"
checkbox appearing on the login page of Google apps like GMail. This
will save them from problems in the future when they access their Google
apps from public places.
We are constantly working on this. But that solution will never be sufficient since we offer citizenship courses for people from abroad (no native speakers), we offer distance learning to students we never see face to face, we do not offer linear education, but modular (students puzzle together their own schedules, the decide how many courses, which course, how many years they are willing to spend before graduating, ...) , where we have more than 8000 students spread over so many different campusses, a lot who do not master the language
Solution #2: Patch Login instead of Logout
You
could possibly reduce the problem by patching the Moodle logout, but as
you said, that doesn't help students who just close the browser.
However it might be more effective to patch the login system in Moodle
since everyone has to login whether the browse was closed or open.
This suggestion I do not understand. If it involves that we change code inside Moodle, it is not a feasible solution for us, unless it is described accurately somewhere what needs to be changed and how to do this.
Solution #3: Change Google app links to their Logout pages
Another
option might be to have links in the apps block link to the logout page
of the particular service instead of the login page. Here are three URL's that look like they would do the job depending on the results you want:
https://accounts.google.com/Logout?hl=en&continue=https://mail.google.com/mail/
https://accounts.google.com/ServiceLogin?service=mail&continue=https://mail.google.com/mail/
https://mail.google.com/mail/logout?hl=en
This approach will result in them being prompted to login each time they click on the apps block.
This suggestion completely defeats the purpose of implementing a Single Sign On environment where Moodle holds the database with user accounts to authenticate against. The whole point is that students only have to login in one place (Moodle) and that they do not have to do a login procedure when accessing thei Google account / apps. But the problem I described is that a particular user can be logged into Moodle, and gets access to someone else's Google account. That is a serious authentication bug in Google then!
It should be simple: logged in Moodle user = logged in Google account.
But that is not the case as described in my starter post.
- User A logs into Moodle, clicks on gmail link in his apps block: Google account user A opens = CORRECT
- User A closes his gmail tab, logs out of Moodle, leaves the computer
- User B takes a seat, logs onto Moodle, clicks on his gmail link in apps block: Google account user A opens = INCORRECT
It should be taken care of that when a user logs out of Moodle, he is also logged out of Google. But that is not handled correctly by Moodle.
