This setting kills your Mahara session whenever you navigate
to Mahara from a link or redirect on another page. This totally
prevents SAML and other redirect-based auth methods from working,
makes it annoying to use links in email, and while it is mentioned
on the PHP manual's "Securing Sessions" page, it's only
recommended there if you also have "session.use_trans_id" enabled,
which we do not.
Change-Id: I8b3b14bae8043c5004cc8f36766f2db9422eac1c
behatnotneeded: Can't be tested by behat
(cherry picked from commit 91807920f4fb2981e1faa4978342d07674590d18)
(cherry picked from commit c9b8ff0208356676feb5bd0c65873c9f19a73681)
(cherry picked from commit bcdd15eadeda3442518bea9c5d822bc07541bcbf)
Reviewed: https:/ /reviews. mahara. org/6330 /git.mahara. org/mahara/ mahara/ commit/ 902429569d07ea8 f483d8f0a835c66 a54b445f8a
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.10_STABLE
commit 902429569d07ea8 f483d8f0a835c66 a54b445f8a
Author: Aaron Wells <email address hidden>
Date: Tue Apr 12 15:46:28 2016 +1200
Remove session. referer_ check (Bug 1566366)
This setting kills your Mahara session whenever you navigate use_trans_ id" enabled,
to Mahara from a link or redirect on another page. This totally
prevents SAML and other redirect-based auth methods from working,
makes it annoying to use links in email, and while it is mentioned
on the PHP manual's "Securing Sessions" page, it's only
recommended there if you also have "session.
which we do not.
Change-Id: I8b3b14bae8043c 5004cc8f36766f2 db9422eac1c 1e1faa4978342d0 7674590d18) 6feb5bd0c65873c 9f19a73681) 2518bea9c5d822b c07541bcbf)
behatnotneeded: Can't be tested by behat
(cherry picked from commit 91807920f4fb298
(cherry picked from commit c9b8ff020835667
(cherry picked from commit bcdd15eadeda344