Conflicts:

	htdocs/group/edit.php
	htdocs/lib/db/upgrade.php

Use the session's authinstance information for userauthinstance rather than $USER->lastauthinstance, which, while it might be correct due to session caching in the $USER object, isn't strictly "right".

Get the information about where an MNET user has come from, from the database rather than hackily storing it in the session when they log in.

Calls the MNET method kill_children at the IDP so proper single singout happens. But we _don't_ do this when the session times out, as the user could log in again.

Make sure we set/unset session variables as appropriate also.

Tweak the find_by_instanceid_username method to retrieve correct results when more than one remote app is SSOing in.

Previously, we looked up users using a parent authentication method using the username we were given. But Mahara may know them as something different based on the auth_remote_user table.

We use this to display a message saying whether the user has logged in from.

This information is also used when a user's session times out and they re-log in again using the login form. If we know they were an MNET user, then when they log in again we can still assume they originally came from their Moodle so we can send them back there later when they really log out.

This is called when there is an explicit logout request with no more processing on the page to be performed - i.e. the user clicks logout or their session times out.

In the case of an MNET user whose session has timed out, if they have a parent authentication method (i.e. they can use the login form as well), then we continue to remember that they originally signed in using an XMLRPC authinstance, so that when they click logout later, they're correctly taken back to their remote application.

This makes it far more obvious what has gone wrong, and on which site networking has failed.

Conflicts:

	htdocs/auth/xmlrpc/lang/en.utf8/auth.xmlrpc.php

When an MNET user in Mahara clicks a logout link, they are logged out of Mahara, a kill_parent request is sent to the remote application, and they are sent back to their remote application. The overall affect is a much nicer user experience, as they're taken back somewhere that they can log in.

Put the ID of the authinstance that was used in the session for MNET users. Unset all MNET related variables in the session when logging out.

Add a link to the profile sideblock that says where you came from if you're an MNET user, and gives you the ability to jump back there.

Conflicts:

	htdocs/auth/xmlrpc/lang/en.utf8/auth.xmlrpc.php

This was only causing noise, there was no breakage caused because of it.

Add an option - usersuniquebyusername - that allows users from multiple institutions to SSO in to one Mahara account. Tentative fix for #2243.

If this option is turned on (only in config.php), then when users SSO in from any XMLRPC authentication instance, they will be considered the same user if they have the same username. This differs from current behaviour, in that if the users' authinstances are different then they are considered different users.

If this option is turned on, no institution in the system is allowed to have self registration turned on. Also, users must be able to belong to multiple institutions.

This option added thanks to Howard Miller/Glasgow University.

This happened if you weren't an admin, so I missed it the first time around.

Conflicts:

	htdocs/lib/version.php