documentation:2.1:passwordstore

Differences

documentation:2.1:passwordstore [2019/01/15 15:55] (current)
Line 1: Line 1:
 +====== Store user password in session ======
  
 +===== Presentation =====
 +
 +Password is not a common attribute. Indeed, in most of the cases, it is not stored in clear text in the backend (LDAP or database).
 +
 +So, to keep user password in session, you cannot just export the password variable in session. To bypass this, LL::NG can remember what password was given by user on authentication phase.
 +
 +<note important>
 +  * As this may be a security hole, password store in session is not activated by default
 +  * This mechanism can only work with authentication backends using a login/password form ([[authldap|LDAP]], [[authdbi|DBI]], ...)
 +</note>
 +
 +===== Configuration =====
 +
 +Go in Manager, ''General Parameters'' » ''Sessions '' » ''Store user password in session data'' and set to ''On''.
 +
 +===== Usage =====
 +
 +User password is now available in ''$_password'' variable. For example, to send it in an header:
 +<code>
 +Auth-Password => $_password
 +</code>
 +
 +<note tip>For security reasons, the password is not shown in sessions explorer.</note>
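Review bot: the warning in the first note ("As this may be a security hole") does not say what the exposure is, so an administrator cannot weigh it before switching the option to ''On''. Suggest stating there that the password the user gave at authentication is kept in session data, and that the Usage example ''Auth-Password => $_password'' sends it on in a header. The closing tip only covers the sessions explorer, so it would also help to say whether the value is protected anywhere else the session data can be read. Minor wording: ''Sessions '' has a stray space inside the quotes, "password store in session" reads better as "storing the password in the session", and "an header" should be "a header".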