User Management
Sendword supports multiple users with password-based authentication for the web dashboard.
Create a user
From the CLI:
sendword user create --username admin
Or from the web UI at /settings/users.
Authentication
Users log in at /login with username and password. Sessions are stored in the database with a configurable lifetime:
[auth]
session_lifetime = "24h"
secure_cookie = false
Set secure_cookie = true when running behind HTTPS.
Password hashing
Passwords are hashed with bcrypt. Plaintext passwords are never stored.
Change password
Users can change their own password at /settings/password.
Delete a user
Admins can delete users from the web UI at /settings/users.
Session behavior
- Sessions expire after the configured lifetime
- Logging out invalidates the session immediately
- Each login creates a new session