Moodle / MDL-74417

Links from Manage authentication to Test settings expose the sesskey in a GET url


Details

    Description

      e.g.:

      /auth/test_settings.php?auth=saml2&sesskey=2wFyBAgdYZ

      These should not be needed, or if they are, turn them into a POST.

      https://docs.moodle.org/dev/Security:Cross-site_request_forgery#Ensure_your_code_does_not_expose_the_sesskey_inadvertently

       


          People

            brendanheywood Brendan Heywood
            brendanheywood Brendan Heywood
            Peter Burnett Peter Burnett
            Jake Dallimore Jake Dallimore
            David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

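An added example, not part of the original issue and not Moodle code: a small audit that parses rendered HTML and reports every place a sesskey would end up in a request URL, which is the pattern the description asks to remove. The sample markup, the EXAMPLEKEY value and /example/page.php are constructed for illustration; only the /auth/test_settings.php?auth=saml2 link shape comes from the issue.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

class SesskeyAuditor(HTMLParser):
    """Collects elements that would place sesskey in a request URL."""
    def __init__(self):
        super().__init__()
        self.findings = []     # (kind, url) tuples, in document order
        self._get_form = None  # action of the GET form currently open, else None

    @staticmethod
    def _has_sesskey(url):
        return "sesskey" in parse_qs(urlsplit(url).query, keep_blank_values=True)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            if self._has_sesskey(a.get("href") or ""):
                self.findings.append(("link", a["href"]))
        elif tag == "form":
            method = (a.get("method") or "get").lower()  # HTML default is GET
            action = a.get("action") or ""
            self._get_form = action if method == "get" else None
            # A POST keeps the action's query string, so the key still hits logs.
            if method != "get" and self._has_sesskey(action):
                self.findings.append(("post-form-action", action))
        elif tag == "input" and self._get_form is not None:
            # Fields of a GET form are serialised into the URL on submit.
            if a.get("name") == "sesskey":
                self.findings.append(("get-form-field", self._get_form))

    def handle_endtag(self, tag):
        if tag == "form":
            self._get_form = None

def audit(html):
    parser = SesskeyAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one leaking link, one safe link, one safe POST form,
# one GET form carrying the key, one POST form with the key in its action URL.
SAMPLE = """
<a href="/auth/test_settings.php?auth=saml2&amp;sesskey=EXAMPLEKEY">Test settings</a>
<a href="/example/page.php?id=1">Other page</a>
<form method="post" action="/auth/test_settings.php">
  <input type="hidden" name="sesskey" value="EXAMPLEKEY"></form>
<form action="/auth/test_settings.php">
  <input type="hidden" name="sesskey" value="EXAMPLEKEY"></form>
<form method="post" action="/auth/test_settings.php?sesskey=EXAMPLEKEY"></form>
"""
```

Calling `audit(SAMPLE)` returns three findings; the POST form that carries the key only as a hidden field is not reported, since that field travels in the request body rather than the URL.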