This setting kills your Mahara session whenever you navigate
to Mahara from a link or redirect on another page. This totally
prevents SAML and other redirect-based auth methods from working,
makes it annoying to use links in email, and while it is mentioned
on the PHP manual's "Securing Sessions" page, it's only
recommended there if you also have "session.use_trans_id" enabled,
which we do not.
Change-Id: I8b3b14bae8043c5004cc8f36766f2db9422eac1c
behatnotneeded: Can't be tested by behat
(cherry picked from commit 91807920f4fb2981e1faa4978342d07674590d18)
Reviewed: https:/ /reviews. mahara. org/6327 /git.mahara. org/mahara/ mahara/ commit/ 37dced259ed3f49 4180b451aef6110 fc05897ba0
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.04_STABLE
commit 37dced259ed3f49 4180b451aef6110 fc05897ba0
Author: Aaron Wells <email address hidden>
Date: Tue Apr 12 15:46:28 2016 +1200
Remove session. referer_ check (Bug 1566366)
This setting kills your Mahara session whenever you navigate use_trans_ id" enabled,
to Mahara from a link or redirect on another page. This totally
prevents SAML and other redirect-based auth methods from working,
makes it annoying to use links in email, and while it is mentioned
on the PHP manual's "Securing Sessions" page, it's only
recommended there if you also have "session.
which we do not.
Change-Id: I8b3b14bae8043c 5004cc8f36766f2 db9422eac1c 1e1faa4978342d0 7674590d18)
behatnotneeded: Can't be tested by behat
(cherry picked from commit 91807920f4fb298