mahara-contributors team mailing list archive

Thread
Date

[Bug 714967] Re: Remove remaining session tokens from urls into forms

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: François Marier <francois@xxxxxxxxxx>
Date: Tue, 08 Feb 2011 22:54:30 -0000
Reply-to: Bug 714967 <714967@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Also, some places (the help popups) use the session key whereas they
should just be anonymous and public GET requests. (There is no need to
pass login credentials there.)

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/714967

Title:
  Remove remaining session tokens from urls into forms

Status in Mahara ePortfolio:
  Confirmed

Bug description:
  Mahara still submits the session key in urls in a few places.  These
  should be turned into forms which submit the sesskey using POST.

References

[Bug 714967] [NEW] Remove remaining session tokens from urls into forms
From: Richard Mansfield, 2011-02-08