Reputation: 1295
Disable multi-tab browsing for single session/user
[Disclaimer: I'm not sure if this kind of question is accepted here as it is about a piece of software deployed already. Rest assured I didn't drop any confidential information. Also do tell me if I violated any rules in SO by posting this so I can take it down immediately]
I have a working Learning Management System web application and I recently received a bug report about a button not showing. After investigating, I have proved that the user was not using the web app as intended. When taking an exam, he was opening multiple tabs to exploit the feature that informs him whether the answer was correct or not. He then will use this information to eliminate the wrong answers and submit all the right answers in another tab/window.
I'm using Rails 4.2. Is there a way to prevent multi-tab browsing? I'm thinking like if a user is signed in and he attempted to open a new tab of the webapp, he should see something like "Please use one tab" and all the features/hyperlinks/buttons are disabled.
Here's a screenshot of how I proved he was using multiple tabs. Notice that there are multiple logs of the same attempt # because the current implementation allows saving a study session and resuming later (this is the part that's exploited). The opening of multiple tabs searches for the most recent attempt session and continues from there. This is also the reason why most of the sessions don't have a duration value -- the user only finishes a study session for one tab (by clicking a button that ends the study session). The system cannot compute for the duration because the other sessions don't have an end timestamp.
-
This is what a single-tab user looks like:
This is more of an application misuse issue more than a bug.
Upvotes: 0
Views: 3439
Answers (2)
Reputation: 1295
I found an answer here. I just placed this js in the application view to prevent any extra instance of the website. Thanks for everyone who pitched in.
Upvotes: 0
Reputation: 191
You should add protection not only from multi tab, but for multi browsers aw well, so it can't be purely FrontEnd check.
One of the solutions could be using ActionCable to check if a user has an active connection already and then act accordingly.
Another, for example, generate a GUID in JS and pass it with every answer. If its different from previous answer, it means user opened a new window.
But of course the solution would depend on your current architecture, without knowing how do you currently organise client-server communication it's hard to give exact and optimal solution.
Upvotes: 1
Related Questions
- Disable Session Lookup for a single controller action
- Rails: How to enable permenant session?
- How do I prevent Rails from creating a session?
- Multiple Tabs and Sessions issue in Ruby on Rails
- List sessions for current user only in Rails
- Rails: Disable/Remove the "session" functionality
- how can i stop opening other browsers or tabs using javascript or jquery when a user is taking a quiz?
- How to disable Rails sessions for web crawlers?
- log out if all tabs closed
- Clearing session values on tab close