Manual:$wgAllowSecuritySensitiveOperationIfCannotReauthenticate

Languages:

Authentication: $wgAllowSecuritySensitiveOperationIfCannotReauthenticate
Whether to allow security-sensitive operations when reauthentication is not possible
Introduced in version:	1.27.0 (Gerrit change 195297; git #d245bd25)
Removed in version:	Still in use
Allowed values:	(associative array of operation => true or false. A `default` key must always be provided.)
Default value:	`[ 'default' => true, ]`
Other settings: Alphabetical \| By function

Normally when the user attempts a security-sensitive operation (such as a password or email address change) and the last login was more than $wgReauthenticateTime seconds ago, MediaWiki sends them through the login page again. When the user is authenticating via an immutable session (such as OAuth; more generally, those provided by a SessionProvider which returns false for canChangeUser()), login is not possible. This configuration setting decides whether the user is allowed to perform the operation in such a case.

Retrieved from "https://www.mediawiki.org/w/index.php?title=Manual:$wgAllowSecuritySensitiveOperationIfCannotReauthenticate&oldid=6456524"