If the WebMail or WebAdmin Server receives a URI (by GET or POST) that contains an "action" query, it will treat this query as a special one, triggering the following actions:
- login: account login, that requests the following queries:
Y username
Y password
Y disableCookie (if enabled, the cookie authentication will be disabled)
− logout: if exists, the current session will be discarded
HSP files are organized in two main zones: public zone and private zone. Access to the private zone is only granted to successfully authenticated clients. If authentication is not successful, the client has access only to the public zone. After a successful login, the client receives a session key (and a session cookie key, if the disableCookie option doesn't exist). This session key MUST be used as a value for the "_h" variable in all HTTP queries, for session authentication.