diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
index 7b8e5b03b..b6e6869e0 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
@@ -24,7 +24,7 @@ use utf8;
 our $whatToTrace;
 *whatToTrace = \$Lemonldap::NG::Handler::_CGI::whatToTrace;
 
-our $VERSION = '1.2.5';
+our $VERSION = '1.3.0';
 
 our @ISA = qw(
   Lemonldap::NG::Handler::CGI
@@ -80,6 +80,10 @@ sub new {
     # Multi values separator
     $self->{multiValuesSeparator} ||= '; ';
 
+    # Attributes to hide
+    $self->{hiddenAttributes} = "_password"
+      unless defined $self->{hiddenAttributes};
+
     # Now we're ready to display sessions. Choose display type
     foreach my $k ( $self->param() ) {
 
@@ -445,8 +449,8 @@ sub session {
             $value = $newvalue;
         }
 
-        # Hide password
-        $value = '******' if ( $_ =~ /^_password$/ );
+        # Hide attributes
+        $value = '****' if ( $self->{hiddenAttributes} =~ /\b$_\b/ );
 
         # Manage timestamp
         if ( $_ =~ /^(_utime|_lastAuthnUTime)$/ ) {
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
index 20544e2e6..f40ad0379 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@@ -572,6 +572,8 @@ sub setDefaultValues {
     $self->{confirmFormMethod}  ||= "post";
     $self->{redirectFormMethod} ||= "get";
     $self->{authChoiceParam}    ||= "lmAuth";
+    $self->{hiddenAttributes} = "_password"
+      unless defined $self->{hiddenAttributes};
 
     # Set default userDB and passwordDB to DBI if authentication is DBI
     if ( $self->{authentication} =~ /DBI/i ) {
@@ -759,9 +761,9 @@ sub buildHiddenForm {
 
         # Build hidden input HTML code
         $val .=
-            '<input type="hidden" name="'
-          . $_
-          . '" id="'
+            '<input type="hidden" name="' 
+          . $_ 
+          . '" id="' 
           . $_
           . '" value="'
           . $self->{portalHiddenFormValues}->{$_} . '" />';
@@ -2453,9 +2455,11 @@ sub store {
       or return PE_APACHESESSIONERROR;
     foreach my $k ( keys %{ $self->{sessionInfo} } ) {
         next unless defined $self->{sessionInfo}->{$k};
-        $self->lmLog(
-            "Store " . $self->{sessionInfo}->{$k} . " in session key $k",
-            'debug' );
+        my $displayValue = $self->{sessionInfo}->{$k};
+        if ( $self->{hiddenAttributes} =~ /\b$k\b/ ) {
+            $displayValue = '****';
+        }
+        $self->lmLog( "Store $displayValue in session key $k", 'debug' );
         $h->{$k} = $self->{sessionInfo}->{$k};
     }
     untie %$h;