|Whether to allow security-sensitive operations when reauthentication is not possible
|Introduced in version:||1.27.0 (Gerrit change 195297; )|
|Removed in version:||still in use|
|Allowed values:||associative array of operation => true or false. A
|Other settings: Alphabetical | By function|
Normally when the user attempts a security-sensitive operation (such as a password or email address change) and the last login was more than
seconds ago, MediaWiki sends them through the login page again. When the user is authenticating via an immutable session (such as OAuth; more generally, those provided by a SessionProvider which returns false for
canChangeUser()), login is not possible. This configuration setting decides whether the user is allowed to perform the operation in such a case.