MarkLogic 10 Product Documentation
xdmp:login

xdmp:login(
   $name as xs:string,
   [$password as xs:string?],
   [$set-session as xs:boolean?],
   [$role-names as xs:string*]
) as xs:boolean

Summary

Logs in a user on an application server that is using application-level authentication and sends a session cookie containing the session ID to the user's browser. Returns true on success, false on failure.

If the user calling this function has the xdmp:login privilege, this function can be called without a password or with the empty sequence as the password. In this case, login will succeed if the specified user exists. Therefore, use the xdmp:login privilege carefully, as any user with that privilege will be able to execute code that uses the xdmp:login function to log in as any user.

Note that only HTTP App Servers allow application-level authentication, and therefore this function only works on an HTTP App Server; it always returns false against an XDBC server.

Parameters
name The username of the user to be logged in.
password The user's password. The password is not needed if the user calling the function has the xdmp:login execute privilege.
set-session A boolean value specifying whether to set a session variable for the login. The default is true. Set to false to not set the session variable to maintain the user logged in.
role-names Roles that should be temporarily assigned to the user. The default is empty.

Usage Notes

The session exists in the E-node on which it was created; you cannot access that session from a different E-node.

You can use the xdmp:set-session-field function to set a named value in the session and the xdmp:get-session-field function to return a value set in a session field. The user session expires when the session reaches its timeout limit. The session cookie remains on the browser until the browser exits or the cookie is explicitly removed by the user.

Example

xdmp:login("mark","secret")
=> true() -- if user "mark" has password "secret"

Example

xdmp:login("username") or xdmp:login("username", ())
=> true() -- if user calling the function has the
               xdmp:login privilege

Example

xdmp:login("username") or xdmp:login("username", ())
=> SEC-PRIV exception if the user calling the function does
              not have the xdmp:login privilege

Example

xdmp:login("username")
=> true() -- if current user has the xdmp:login privilege

Example

xdmp:login("username")
=> SEC-PRIV exception if current user does not have the
              xdmp:login privilege

Example

xdmp:login("username","secret",fn:true(),
		("hadoop-user-read","hadoop-user-write"))
=> true() -- if current user has the xdmp:login privilege
Powered by MarkLogic Server | Terms of Use | Privacy Policy