Automatic logging in to Plesk is especially useful for integration purposes, so that customers who have logged in to some other system can access Plesk without having to log in a second time.

The recommended way to implement automatic logging in is to redirect users to a one-time use URL that contains a session token. To generate a session token for a user, run an XML API request that uses the create_session operation of the server operator.

An example of the request:

<packet version="1.6.3.3">
  <server>
    <create_session>
      <login>admin</login>
      <data>
        <user_ip>MTAuNTAuMS43MQ==</user_ip>
        <source_server></source_server>
      </data>
    </create_session>
  </server>
</packet>

The login parameter specifies the Plesk user for whom you need to create a session. The user_ip parameter is the IP address of the user, encoded using the base64 algorithm.

An example of the response:

<packet version="1.6.3.3">
  <server>
    <create_session>
      <result>
        <status>ok</status>
        <id>ede520d0fc93ae7aa0524076d631fba2</id>
      </result>
    </create_session>
  </server>
</packet>

Plesk creates a session token for the specified user. It is contained in the id tag (ede520d0fc93ae7aa0524076d631fba2 in the example).

The generated session token can be used in scripts. A script redirects the user’s browser to rsession_init.php, and the user is logged in to the Customer Panel.

An example of the URL containing a session token for logging in to the Customer Panel:

https://<server-host-or-ip-address>:8443/enterprise/rsession_init.php?PLESKSESSID=1ba78fc5e27a2af9302717dbe1febb24

The full list of parameters that rsession_init.php takes is as follows:

  • PLESKSESSID. A session token.

  • success_redirect_url (optional). The URL to which the browser will be redirected after a successful login.

    Note: In Plesk 12.0 and earlier, the success_redirect_url parameter should contain an absolute path with the hostname that has initiated the session creation (using another hostname will cause failure because of security protection). Starting from Plesk 12.5, you can specify a relative URL like /admin/customer/list.

  • failure_redirect_url (optional). The URL to which the browser will be redirected after a failed login attempt. This parameter is also used as the logout URL.

  • no_frames (optional, deprecated). Use this parameter to display the Plesk Administrator Panel without frames.

  • locale_id (optional). The locale identifier (such as de-DE).
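The flow described above, from request packet to redirect URL, as an added example (not Plesk's own code): it builds the create_session packet, reads the token from the response, and composes the rsession_init.php URL with its parameters percent-encoded. The function names, the host plesk.example.com and the 32-hex-digit token check are assumptions made for illustration; sending the packet to the XML API is left out.

```python
import base64
import ipaddress
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode


def build_create_session_packet(login, user_ip):
    """Return the create_session request; user_ip is validated, then base64-encoded."""
    ip = str(ipaddress.ip_address(user_ip))  # raises ValueError on a malformed address
    packet = ET.Element("packet", version="1.6.3.3")
    session = ET.SubElement(ET.SubElement(packet, "server"), "create_session")
    ET.SubElement(session, "login").text = login  # ElementTree escapes XML metacharacters
    data = ET.SubElement(session, "data")
    ET.SubElement(data, "user_ip").text = base64.b64encode(ip.encode("ascii")).decode("ascii")
    ET.SubElement(data, "source_server")
    return ET.tostring(packet, encoding="unicode")


def parse_session_token(response_xml):
    """Return the token from <id>; reject any status other than ok."""
    result = ET.fromstring(response_xml).find("./server/create_session/result")
    if result is None or result.findtext("status") != "ok":
        raise ValueError("create_session did not return status ok")
    token = (result.findtext("id") or "").strip()
    # Assumption: tokens look like the 32-hex-digit examples shown on this page.
    if not re.fullmatch(r"[0-9a-f]{32}", token):
        raise ValueError("unexpected session token format")
    return token


def build_login_url(host, token, success_redirect_url=""):
    """Build the one-time rsession_init.php URL with query values percent-encoded."""
    params = {"PLESKSESSID": token}
    if success_redirect_url:
        params["success_redirect_url"] = success_redirect_url
    return f"https://{host}:8443/enterprise/rsession_init.php?{urlencode(params)}"


# Constructed sample: the response shown above, as received from the API.
SAMPLE_RESPONSE = """<packet version="1.6.3.3"><server><create_session><result>
<status>ok</status><id>ede520d0fc93ae7aa0524076d631fba2</id>
</result></create_session></server></packet>"""

if __name__ == "__main__":
    print(build_create_session_packet("admin", "10.50.1.71"))
    token = parse_session_token(SAMPLE_RESPONSE)
    # plesk.example.com is a placeholder host, not a value from this page.
    print(build_login_url("plesk.example.com", token, "/admin/customer/list"))
```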

The easier, but not recommended, way to implement automatic logging in is to pass a plain password as a parameter in the URL. A password passed this way ends up in browser history and web server access logs. Such a URL looks like this:

https://<server-host-or-ip>:8443/login_up.php3?login_name=<login>&passwd=<password>&success_redirect_url=<success_redirect_url>&failure_redirect_url=<failure_redirect_url>

The full list of parameters that login_up.php3 takes is as follows:

  • login_name. User’s login.

  • passwd. User’s plain password.

  • success_redirect_url (optional). The URL to which the browser redirects a user after a successful login.

    Note: In Plesk 12.0 and earlier, the success_redirect_url parameter should contain an absolute path with the hostname that has initiated the session creation (using another hostname will cause failure because of security protection). Starting from Plesk 12.5, you can specify a relative URL like /admin/customer/list.

  • failure_redirect_url (optional). The URL to which a user will be redirected after a failed attempt to log in. This parameter is also used as the logout URL.

  • no_frames (optional, deprecated). Use this parameter to display the Plesk Administrator Panel without frames.

  • locale_id (optional). The locale identifier (such as de-DE).