Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.

Why does Vanilla use JavaScript for the SSO plugin? (jsConnect)

Something I haven't quite been able to wrap my mind around...

Is there any particular reason why JavaScript was chosen over simply using PHP?


  • LincLinc Director of Development Detroit Vanilla Staff

    We initiate the SSO handshake using the user's browser session. It's not possible to do that server-to-server.

Sign In or Register to comment.