Automatic Logging In to Plesk
Automatic logging in to Plesk is especially useful for integration purposes, so that customers who have logged in to some other system could access Plesk without having to log in for the second time.
The recommended way to implement automatic logging in is to redirect
users to a one-time use URL that contains a session token. To generate a
session token for a specified user, you should run an XML API request
that uses the create_session operation of the server operator.
An example of the request:
<packet version="1.6.3.3">
<server>
<create_session>
<login>admin</login>
<data>
<user_ip>MTAuNTAuMS43MQ==</user_ip>
<source_server></source_server>
</data>
</create_session>
</server>
</packet>
The login parameter specifies the Plesk user for whom you need to
create a session. The user-ip parameter is an IP address of the
user, encoded using base64 algorithm.
An example of the response:
<packet version="1.6.3.3">
<server>
<create_session>
<result>
<status>ok</status>
<id>ede520d0fc93ae7aa0524076d631fba2</id>
</result>
</create_session>
</server>
</packet>
Plesk creates a session token for the specified user. It is contained in
the id tag (ede520d0fc93ae7aa0524076d631fba2 in the example).
The generated session token can be used in scripts: a script redirects
the user’s browser to rsession_init.php, and the user is logged in
to Plesk.
The example of URL:
https://<server-host-or-ip-address>:8443/enterprise/rsession_init.php?PLESKSESSID=ede520d0fc93ae7aa0524076d631fba2&success_redirect_url=<success_redirect_url>
The full list of parameters that rsession_init.php takes is as
follows:
-
PLESKSESSID. A session token. -
success_redirect_url(optional). The URL to which the browser will be redirected after a successful login.Note: In Plesk 12.0 and earlier, the
success_redirect_urlparameter should contain an absolute path with the hostname that has initiated the session creation (using another hostname will cause failure because of security protection). Starting from Plesk 12.5, you can specify a relative URL like/admin/customer/list. -
failure_redirect_url(optional). The URL to which the browser will be redirected after a failed login attempt. This parameter is also used as the logout URL. -
no_frames(optional, deprecated). Use this parameter to display the Plesk Administrator Panel without frames. -
locale_id(optional). A locale name (such as de-DE).
The easier, but not recommended way to implement automatic logging in functionality is to pass plain password as a parameter in URL. Such a URL looks as follows:
https://<server-host-or-ip>:8443/login_up.php3?login_name=<login>&passwd=<password>&success_redirect_url=<success_redirect_url>&failure_redirect_url=<failure_redirect_url>
The full list of parameters that login_up.php3 takes is as follows:
-
login. User’s login. -
passwd. User’s plain password. -
success_redirect_url (optional). The URL to which the browser will be redirected after a successful login.Note: In Plesk 12.0 and earlier, the
success_redirect_urlparameter should contain an absolute path with the hostname that has initiated the session creation (using another hostname will cause failure because of security protection). Starting from Plesk 12.5, you can specify a relative URL like/admin/customer/list. -
failure_redirect_url(optional). The URL to which the browser will be redirected after a failed login attempt. This parameter is also used as the logout URL. -
no_frames(optional, deprecated). Use this parameter to display the Plesk Administrator Panel without frames. -
locale_id(optional). A locale name (such as de-DE).