Manual:$wgAllowSecuritySensitiveOperationIfCannotReauthenticate/en
From Linux Web Expert
| <translate> Authentication</translate>: $wgAllowSecuritySensitiveOperationIfCannotReauthenticate | |
|---|---|
| Whether to allow security-sensitive operations when reauthentication is not possible |
|
| <translate> Introduced in version:</translate> | 1.27.0 (Gerrit change 195297; git #d245bd25) |
| <translate> Removed in version:</translate> | <translate> still in use</translate> |
| <translate> Allowed values:</translate> | (associative array of operation => true or false. A default key must always be provided.) |
| <translate> Default value:</translate> | [ 'default' => true, ] |
| <translate> Other settings:</translate> <translate> Alphabetical</translate> | <translate> By function</translate> | |
Normally when the user attempts a security-sensitive operation (such as a password or email address change) and the last login was more than $wgReauthenticateTime seconds ago, MediaWiki sends them through the login page again.
When the user is authenticating via an immutable session (such as OAuth; more generally, those provided by a SessionProvider which returns false for canChangeUser()), login is not possible.
This configuration setting decides whether the user is allowed to perform the operation in such a case.
