2020-05-14 23:29:41 +02:00
|
|
|
Store user password in session
|
|
|
|
==============================
|
|
|
|
|
|
|
|
Presentation
|
|
|
|
------------
|
|
|
|
|
|
|
|
Password is not a common attribute. Indeed, in most of the cases, it is
|
|
|
|
not stored in clear text in the backend (LDAP or database).
|
|
|
|
|
|
|
|
So, to keep user password in session, you cannot just export the
|
|
|
|
password variable in session. To bypass this, LL::NG can remember what
|
|
|
|
password was given by user on authentication phase.
|
|
|
|
|
|
|
|
|
2020-05-21 15:13:24 +02:00
|
|
|
.. attention::
|
2020-05-18 09:56:39 +02:00
|
|
|
|
|
|
|
|
2020-05-14 23:29:41 +02:00
|
|
|
|
|
|
|
- As this may be a security hole, password store in session is not
|
|
|
|
activated by default
|
|
|
|
- This mechanism can only work with authentication backends using a
|
|
|
|
login/password form (:doc:`LDAP<authldap>`, :doc:`DBI<authdbi>`, ...)
|
2020-05-18 09:56:39 +02:00
|
|
|
|
2020-05-14 23:29:41 +02:00
|
|
|
|
|
|
|
|
|
|
|
Configuration
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Go in Manager, ``General Parameters`` » ''Sessions '' »
|
|
|
|
``Store user password in session data`` and set to ``On``.
|
|
|
|
|
|
|
|
Usage
|
|
|
|
-----
|
|
|
|
|
|
|
|
User password is now available in ``$_password`` variable. For example,
|
|
|
|
to send it in an header:
|
|
|
|
|
|
|
|
::
|
|
|
|
|
|
|
|
Auth-Password => $_password
|
|
|
|
|
|
|
|
|
2020-05-18 09:56:39 +02:00
|
|
|
.. tip::
|
2020-05-14 23:29:41 +02:00
|
|
|
|
|
|
|
For security reasons, the password is not shown in sessions
|
|
|
|
explorer.
|