This shows you the differences between two versions of the page.

Link to this comparison view

documentation:2.1:passwordstore [2019/01/15 15:55] (current)
Line 1: Line 1:
 +====== Store user password in session ======
 +===== Presentation =====
 +Password is not a common attribute. Indeed, in most of the cases, it is not stored in clear text in the backend (LDAP or database).
 +So, to keep user password in session, you cannot just export the password variable in session. To bypass this, LL::NG can remember what password was given by user on authentication phase.
 +<note important>
 +  * As this may be a security hole, password store in session is not activated by default
 +  * This mechanism can only work with authentication backends using a login/password form ([[authldap|LDAP]], [[authdbi|DBI]], ...)
 +===== Configuration =====
 +Go in Manager, ''General Parameters'' » ''Sessions '' » ''Store user password in session data'' and set to ''On''.
 +===== Usage =====
 +User password is now available in ''$_password'' variable. For example, to send it in an header:
 +Auth-Password => $_password
 +<note tip>For security reasons, the password is not shown in sessions explorer.</note>