Logs in a user on an application server that is using application-level authentication and sends a session cookie containing the session ID to the user's browser. Returns true on success, false on failure.
If the user calling this function has the xdmp:login
privilege, this function can be called without a password or with the empty
sequence as the password. In this case, login will succeed if
the specified user exists. Therefore, use the xdmp:login
privilege carefully, as any user with that
privilege will be able to execute code that uses the xdmp:login
function to log in as any user.
Note that only HTTP App Servers allow application-level authentication, and therefore this function only works on an HTTP App Server; it always returns false against an XDBC server.
The session exists in the E-node on which it was created; you cannot access that session from a different E-node.
You can use the xdmp:set-session-field function to
set a named value in the session and the xdmp:get-session-field
function to return a value set in a session field.
The user session expires when the session reaches its timeout limit.
The session cookie remains on the browser until the browser exits or the
cookie is explicitly removed by the user.
xdmp.login("mark","secret")
=> true() -- if user "mark" has password "secret"
xdmp.login("username") or xdmp.login("username", null)
=> true() -- if user calling the function has the
xdmp:login privilege
xdmp.login("username") or xdmp.login("username", null)
=> SEC-PRIV exception if the user calling the function does
not have the xdmp:login privilege
xdmp.login("username")
=> true() -- if current user has the xdmp:login privilege
xdmp.login("username")
=> SEC-PRIV exception if current user does not have the
xdmp:login privilege
xdmp.login("username", "secret", true,
["hadoop-user-read","hadoop-user-write"]);
=> true -- if current user has the xdmp:login privilege