• Aaron Wells's avatar
    Remove session.referer_check (Bug 1566366) · 90242956
    Aaron Wells authored
    This setting kills your Mahara session whenever you navigate
    to Mahara from a link or redirect on another page. This totally
    prevents SAML and other redirect-based auth methods from working,
    makes it annoying to use links in email, and while it is mentioned
    on the PHP manual's "Securing Sessions" page, it's only
    recommended there if you also have "session.use_trans_id" enabled,
    which we do not.
    Change-Id: I8b3b14bae8043c5004cc8f36766f2db9422eac1c
    behatnotneeded: Can't be tested by behat
    (cherry picked from commit 91807920)
    (cherry picked from commit c9b8ff02)
    (cherry picked from commit bcdd15ea)
session.php 11.8 KB