Automatic Logging in to Plesk

Automatic logging in to Plesk is especially useful for integration purposes, so that customers who have logged in to some other system can access Plesk without having to log in a second time.

The recommended way to implement automatic logging in is to redirect users to a one-time use URL that contains a session token. To generate a session token for a user, run an XML API request that uses the create_session operation of the server operator.

An example of the request:

<packet version="1.6.3.3">
  <server>
    <create_session>
      <login>admin</login>
      <data>
        <user_ip>MTAuNTAuMS43MQ==</user_ip>
        <source_server></source_server>
      </data>
    </create_session>
  </server>
</packet>

The login parameter specifies the Plesk user for whom you need to create a session. The user-ip parameter is an IP address of the user, encoded using the base64 algorithm.

An example of the response:

<packet version="1.6.3.3">
  <server>
    <create_session>
      <result>
        <status>ok</status>
        <id>ede520d0fc93ae7aa0524076d631fba2</id>
      </result>
    </create_session>
 </server>
</packet>

Plesk creates a session token for the specified user. It is contained in the id tag (ede520d0fc93ae7aa0524076d631fba2 in the example).

  

The generated session token can be used in scripts. A script redirects the user’s browser to rsession_init.php, and the user is logged in to the Customer Panel.

An example of the URL containing a session token for logging in to the Customer Panel:

https://<server-host-or-ip-address>:8443/enterprise/rsession_init.php?PLESKSESSID=1ba78fc5e27a2af9302717dbe1febb24

The full list of parameters that rsession_init.php takes is as follows:

  • PLESKSESSID. A session token.
  • success_redirect_url (optional). The URL to which the browser will be redirected after a successful login.

    Note: In Plesk 12.0 and earlier, the success_redirect_url parameter should contain an absolute path with the hostname that has initiated the session creation (using another hostname will cause failure because of security protection). Starting from Plesk 12.5, you can specify a relative URL like /admin/customer/list.

  • failure_redirect_url (optional). The URL to which the browser will be redirected after a failed login attempt. This parameter is also used as the logout URL.
  • no_frames (optional, deprecated). Use this parameter to display the Plesk Administrator Panel without frames.
  • locale_id (optional). The locale identifier (such as de-DE).

  

The easier, but not recommended way to implement automatic logging in functionality is to pass a plain password as a parameter in URL. Such a URL looks like this:

https://<server-host-or-ip>:8443/login_up.php3?login_name=<login>&passwd=<password>&success_redirect_url=<success_redirect_url>&failure_redirect_url=<failure_redirect_url>

The full list of parameters that login_up.php3 takes is as follows:

  • login. User's login.
  • passwd. User's plain password.
  • success_redirect_url (optional). The URL to which the browser redirects a user after a successful login.

    Note: In Plesk 12.0 and earlier, the success_redirect_url parameter should contain an absolute path with the hostname that has initiated the session creation (using another hostname will cause failure because of security protection). Starting from Plesk 12.5, you can specify a relative URL like /admin/customer/list.

  • failure_redirect_url (optional). The URL to which a user will be redirected after a failed attempt to log in. This parameter is also used as the logout URL.
  • no_frames (optional, deprecated). Use this parameter to display the Plesk Administrator Panel without frames.
  • locale_id (optional). The locale identifier (such as de-DE).
 

Leave your feedback on this topic here

If you have questions or need support, please visit the Plesk forum or contact your hosting provider.
The comments below are for feedback on the documentation only. No timely answers or help will be provided.