Diffstat (limited to 'plugins/session/README.md')
-rw-r--r-- plugins/session/README.md | 32
1 files changed, 32 insertions, 0 deletions
diff --git a/plugins/session/README.md b/plugins/session/README.md
index 9c931cb..4cd4273 100644
--- a/plugins/session/README.md
+++ b/plugins/session/README.md
@@ -23,6 +23,38 @@ The control flow is like this:
If it exists and hasn't expired yet, it confirms the authentication and the user
is logged in without a password.
+Installation
+------------
+
+This plugin uses a database table, described in the packaged install.sql file.
+Install it with this command:
+
+ cat ./install.sql | replace '{TAB}' '<tablename>' | \
+ mysql -h <host> -D <db> -u <user> -p<password>
+
+Next, you need to configure the database connection both in the main configuration
+file and in the local `./config.php` of this plugin.
+
+Finally, link the `www/rpc.php` file inside your website root somewhere inside
+your forum's cookie domain and path (most forums set the path to `/`, so the
+domain should be sufficient).
+
+Usage
+-----
+
+Whenever you need to authenticate to ejabberd, make a POST request to the URL
+that points at `www/rpc.php` with `salt` set to a reasonably random 16 character
+value.
+
+If the client making the POST request has a valid session for the site you're
+authenticating with, then you will receive a JSON-encoded response as follows:
+
+ `{"user":"<user>","secret":"<secret>","time":"<time>"}
+
+From the point in `<time>` to however long you configured the timeout
+(60 seconds are recommended), `<secret>` will be accepted as a password
+by ejabberd for `<user>` on any domains you set up to use the session
+plugin.
Security Considerations
-----------------------
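Review bot: The install command in the new Installation section passes the database password as a command-line argument (`-p<password>`), which leaves it in shell history and can expose it in the process list while the import runs; document a bare `-p` so that mysql prompts for it, or point to an option file instead. In the Usage section, the JSON example line opens with a backtick that is never closed, so it will not render as intended. The requirement that `salt` be "a reasonably random 16 character value" is also underspecified: say that it should come from a cryptographically secure random source and which characters are accepted, since the returned `<secret>` is accepted as a password for the length of the timeout.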