Changes the users password on the current web session
This method should be used on "password self service" applications where users are able to change their login password on the authentication backend. After that is done his old password, which he has used before to login to the system, is still stored and present on his web session but no longer matches the changed password.
Calling this method after the password change will also change the stored password on the web session and therefor prevent the user from being logged out.
For backward compatibility there still is a method "changeSessionPassword()" available on TMLContext whose use is discouraged since OpenWGA 5.3.
The new password
|Allowed in script types||
The following script stores a form to a user definition document of an authentication content store which is effectively going to change the password of this user. The user himself is going to trigger this script, therefor his session password is to be changed too.
Therefor the method changeSessionPassword() is used here. It retrieves the new password from the WebTML form object as field "newpassword". It uses the entered value of that password because the parsed value may already be password-hashed for storage and may no longer be the original password.