Automatic logging in to Plesk is especially useful for integration purposes, so that customers who have logged in to some other system could access Plesk without having to log in for the second time.

The recommended way to implement automatic logging in is to redirect users to a one-time use URL that contains a session token. To generate a session token for a specified user, you should run an XML API request that uses the create_session operation of the server operator.

An example of the request:

<packet version="1.6.3.3">
  <server>
    <create_session>
      <login>admin</login>
      <data>
        <user_ip>MTAuNTAuMS43MQ==</user_ip>
        <source_server></source_server>
      </data>
    </create_session>
  </server>
</packet>

The login parameter specifies the Plesk user for whom you need to create a session. The user-ip parameter is an IP address of the user, encoded using base64 algorithm.

An example of the response:

<packet version="1.6.3.3">
  <server>
    <create_session>
      <result>
        <status>ok</status>
        <id>ede520d0fc93ae7aa0524076d631fba2</id>
      </result>
    </create_session>
 </server>
</packet>

Plesk creates a session token for the specified user. It is contained in the id tag (ede520d0fc93ae7aa0524076d631fba2 in the example).

The generated session token can be used in scripts: a script redirects the user’s browser to rsession_init.php, and the user is logged in to Plesk.

The example of URL:

https://<server-host-or-ip-address>:8443/enterprise/rsession_init.php?PLESKSESSID=ede520d0fc93ae7aa0524076d631fba2&success_redirect_url=<success_redirect_url>

The full list of parameters that rsession_init.php takes is as follows:

  • PLESKSESSID. A session token.

  • success_redirect_url (optional). The URL to which the browser will be redirected after a successful login.

    Note: In Plesk 12.0 and earlier, the success_redirect_url parameter should contain an absolute path with the hostname that has initiated the session creation (using another hostname will cause failure because of security protection). Starting from Plesk 12.5, you can specify a relative URL like /admin/customer/list.

  • failure_redirect_url (optional). The URL to which the browser will be redirected after a failed login attempt. This parameter is also used as the logout URL.

  • no_frames (optional, deprecated). Use this parameter to display the Plesk Administrator Panel without frames.

  • locale_id (optional). A locale name (such as de-DE).

The easier, but not recommended way to implement automatic logging in functionality is to pass plain password as a parameter in URL. Such a URL looks as follows:

https://<server-host-or-ip>:8443/login_up.php3?login_name=<login>&passwd=<password>&success_redirect_url=<success_redirect_url>&failure_redirect_url=<failure_redirect_url>

The full list of parameters that login_up.php3 takes is as follows:

  • login. User’s login.

  • passwd. User’s plain password.

  • success_redirect_url ( optional). The URL to which the browser will be redirected after a successful login.

    Note: In Plesk 12.0 and earlier, the success_redirect_url parameter should contain an absolute path with the hostname that has initiated the session creation (using another hostname will cause failure because of security protection). Starting from Plesk 12.5, you can specify a relative URL like /admin/customer/list.

  • failure_redirect_url (optional). The URL to which the browser will be redirected after a failed login attempt. This parameter is also used as the logout URL.

  • no_frames (optional, deprecated). Use this parameter to display the Plesk Administrator Panel without frames.

  • locale_id (optional). A locale name (such as de-DE).