Login and session management
Accessing the admin interface
The admin interface is accessible at:
[APPLICATION_URL]/admin
If you are not logged in, you are automatically redirected to the login page:
[APPLICATION_URL]/admin/login
Login page (/admin/login)
The page displays:
- The Racines logo
- An Email field
- A Password field
- A "Se connecter" button
- An error message if login fails
Login procedure
- Enter your administrator email (e.g. admin@racines.app)
- Enter your password
- Click "Se connecter"
- On success → redirect to /admin (dashboard)
Error messages
| Message | Cause | Solution |
|---|---|---|
| "Email ou mot de passe incorrect" | Wrong credentials | Check email and password |
| "Erreur réseau" | No connection | Check your internet connection |
| "Trop de tentatives" | Security rate limiting | Wait a few minutes |
Authentication mechanism
Admin authentication uses:
1. PBKDF2 hashing: your password is stored hashed (100,000 iterations, SHA256, random salt) — never in plain text
2. JWT HS256: a signed token is generated after successful login
3. HttpOnly cookie: the token is stored in a secure cookie (auth-token) — not accessible from JavaScript
4. Expiration: the token expires after 7 days — you will need to log in again after that
The cookie is marked Secure in production (transmitted over HTTPS only).
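The four steps above can be followed end to end in the sketch below, an added example that is not the Racines application's own code. The iteration count, hash, algorithm, cookie name and lifetime come from this page; the `salt$hash` storage layout, the `sub`/`iat`/`exp` claim names, the `Path` and `Max-Age` attributes and all function names are assumptions.

```python
import base64, hashlib, hmac, json, os, time

ITERATIONS = 100_000      # PBKDF2 iteration count stated on the page
TTL = 7 * 24 * 3600       # 7-day token lifetime stated on the page

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hash_password(password, salt=None):
    salt = salt or os.urandom(16)                      # random per-password salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{b64u(salt)}${b64u(dk)}"                  # "salt$hash" layout is an assumption

def verify_password(password, stored):
    salt_s, dk_s = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), b64u_dec(salt_s), ITERATIONS)
    return hmac.compare_digest(dk, b64u_dec(dk_s))     # constant-time comparison

def _sign(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(email, key, now=None):
    now = int(time.time()) if now is None else now
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    # Claim names sub/iat/exp are assumptions; the page only states the 7-day expiry.
    payload = b64u(json.dumps({"sub": email, "iat": now, "exp": now + TTL}).encode())
    return f"{header}.{payload}.{b64u(_sign(key, header + '.' + payload))}"

def verify_token(token, key, now=None):
    """Return the claims, or None if the token is malformed, forged or expired."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        if not hmac.compare_digest(_sign(key, header + "." + payload), b64u_dec(sig)):
            return None
        if json.loads(b64u_dec(header)).get("alg") != "HS256":   # pin the algorithm
            return None
        claims = json.loads(b64u_dec(payload))
        return claims if now < claims["exp"] else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

def session_cookie(token, production=True):
    attrs = [f"auth-token={token}", "Path=/", f"Max-Age={TTL}", "HttpOnly"]
    if production:
        attrs.append("Secure")                         # HTTPS only in production
    return "; ".join(attrs)                            # Path and Max-Age are assumptions
```

Any verification failure, whether a bad signature, an unexpected algorithm or an expired `exp`, returns `None`, which corresponds to the redirect to /admin/login.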
Session management
Session duration
The session remains active for 7 days from the last login. After expiration, you are redirected to the login page.
Manual logout
The "Déconnexion" button is available in the admin interface (header or menu). It deletes the session cookie on both the server and browser sides.
Best practice: always log out after use on a shared device.
Expired session
If your session expires while you are working, the next action will trigger a redirect to /admin/login. Unsaved data may be lost — save regularly.
Creating an administrator account
Administrator accounts are created by the technical team. There is no graphical interface for this.
If you need a new account, send a request to the technical team specifying the desired email address.
If you forget your password
There is no automatic email recovery procedure. Contact the technical team to reset your password.