From code/src wiki
Jump to: navigation, search

Secure Login

mediawiki sends plain-text passwords over the network by default. Use the following extension to enable SSL for the login page.

Extract the SecureLoginPage.tar.gz file into the /var/lib/mediawiki/extensions directory, then insert the following into your /etc/mediawiki/LocalSettings.php file:


MediaWiki sets the "secure" flag on the session cookies by default ($wgCookieSecure == 1). This prevents the browser from supplying the login cookie unless viewing the page over SSL. The /var/lib/mediawiki/extensions/SecureLoginPage/SecureLoginPage_body.php script must be modified to prevent redirecting non-login wiki pages back to HTTP from HTTPS. Modify the "otherPage" function as follows:

function otherPage($out) {
    return true;

_Note:_ An SSL-enabled VirtualHost is required in your Apache config.

Original code obtained from the code examples of the book MediaWiki by Daniel J. Barrett.