This plug-in provides a number of convenience tools for managing login state.
When embedded into a normal webpage, the Login plug-in has the following behaviour:
When published onto static pages, the Login plugin inspects the cookie state to determine who the user claims to be, but it does not waste server resources validating this identity, since the page is public anyway. (If the identity is not valid, the user will fail to authenticate when they visit a real members-only page.) When viewed on dynamic pages, however, the user's identity is validated before it is reported.
Forms and links are wrapped in a div or span wrapper of CSS class "Login". This may be used to style the login output appropriately.
The Login plug-in accepts the following options, which can be encoded into a configuration file or passed in the plugin tag:
If using the "session" method of authentication, there is no information on the user's name or identity that is stored client-side, so the Login plugin can only report that the user is logged in, but not as whom. Furthermore, this information is not sensitive to the expiry time of the session, so it may become invalid once a certain period of time has elapsed.
The Login Control Panel allows you to assume the identity of a regular website user. The available user identities are listed. (You can only switch to a user whose access level is less than your own.)
To switch to a user, click on their name. This effectively logs you in to the public side of the site. A new window will open on the public site. You should then be able to navigate into member-only areas as the user you selected.
NOTE: you are no longer logged in as the administrator once you do this. Your admin windows/screens will still be open, however. If you attempt to use them, you are doing so as the new user. This will result in "permission denied" errors, if the new user identity has no administration privileges, and possibly unexpected administration screens otherwise. When you are done working as the new identity, you should log out, then refresh the admin screens to get a login screen. This will let you return to your regular identity.