  1. Moodle
  2. MDL-74417

Links from Manage authentication to Test settings expose the sesskey in a GET url

Details

    Description

      e.g.:

      /auth/test_settings.php?auth=saml2&sesskey=2wFyBAgdYZ

      These should not be needed, or if they are, turn them into a POST.

      https://docs.moodle.org/dev/Security:Cross-site_request_forgery#Ensure_your_code_does_not_expose_the_sesskey_inadvertently
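
To audit for the exposure reported above, the following added example (not part of the original issue and not Moodle's own code) scans web-server access log lines for a `sesskey` parameter in the request URL or in the Referer header, the two places a GET-carried token shows up in logs. It assumes Combined Log Format; the sample lines, host name and the `/constructed/asset.png` path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: host ident user [time] "METHOD target PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "[^"]*")?$'
)

def sesskey_in(url):
    """Return the sesskey value carried in a URL's query string, or None."""
    values = parse_qs(urlsplit(url).query).get("sesskey")
    return values[0] if values else None

def redact(token):
    """Keep two characters for correlation and mask the rest in reports."""
    return token[:2] + "*" * (len(token) - 2)

def find_exposures(lines):
    """Return (method, path, where, redacted_token) for each logged sesskey."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        # A sesskey sent in a POST body is not logged; only URLs are visible here.
        for where, url in (("request", m["target"]), ("referer", m["referer"] or "")):
            token = sesskey_in(url)
            if token:
                findings.append((m["method"], urlsplit(url).path, where, redact(token)))
    return findings

# Constructed sample lines (not from a real server); the sesskey is the one quoted in the issue.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2022:10:00:00 +0000] "GET /auth/test_settings.php?auth=saml2&sesskey=2wFyBAgdYZ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Apr/2022:10:00:05 +0000] "POST /auth/test_settings.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Apr/2022:10:00:09 +0000] "GET /constructed/asset.png HTTP/1.1" 200 312 "https://moodle.example/auth/test_settings.php?auth=saml2&sesskey=2wFyBAgdYZ" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_exposures(SAMPLE_LOG):
        print(finding)
```

The POST line produces no finding, which is the behaviour the issue asks for: the token no longer appears in the URL, so it reaches neither the access log nor the Referer of follow-up requests.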

          People

            brendanheywood Brendan Heywood
            brendanheywood Brendan Heywood
            Peter Burnett Peter Burnett
            Jake Dallimore Jake Dallimore
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski