|Whether to allow security-sensitive operations when reauthentication is not possible
|Introduced in version:||1.27.0 (Gerrit change 195297; )|
|Removed in version:||still in use|
|Allowed values:||associative array of operation => true or false. A
|Other settings: Alphabetical | By function|
Normally when the user attempts a security-sensitive operation (such as a password or email address change) and the last login was more than
$wgReauthenticateTime seconds ago, MediaWiki sends them through the login page again. When the user is authenticating via an immutable session (such as OAuth; more generally, those provided by a SessionProvider which returns false for
canChangeUser()), login is not possible. This configuration setting decides whether the user is allowed to perform the operation in such a case.