Support optional storing of auth token in domain-shared cookie

Bug #1066035 reported by Jeff Godin on 2012-10-12
This bug affects 1 person
Affects: Evergreen
Importance: Wishlist
Assigned to: Jeff Godin

Bug Description

Wishlist:

Support optional storing of the user's auth token in a cookie which is shared with other https:// servers that share a common domain with the OPAC host.

When this is enabled, when logging into the OPAC a cookie named shared_ses with path=/ and domain=.example.com is set. Like the ses cookie, the shared_ses cookie is only sent over "secure" connections.

This can be used to support a simplistic form of single sign-on, allowing external web interfaces to verify the auth token against Evergreen if they already have support for same. An external EZproxy authentication CGI is the immediate use case that I have in mind.

Logging out of the OPAC deletes both the ses and the shared_ses cookies.

After logging into the OPAC, a user that attempts to access an EZproxy link is redirected to a CGI script hosted on https://www.example.org/ -- that CGI would typically prompt for login credentials. Now the CGI can look for the presence of the shared_ses token first, verify that the token is valid, and skip prompting for credentials.
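
The cookie handling described in this report, as an added example that is not part of the bug report or of Evergreen's code: it builds the `shared_ses` Set-Cookie headers for login and logout, and shows the consuming CGI verifying the token instead of trusting its presence. The function names, the `HttpOnly` attribute, the `HTTPS=on` CGI variable and the `verify_token` callable (a stand-in for the site's existing token check against Evergreen) are assumptions.

```python
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "shared_ses"      # cookie name from the bug description
COOKIE_DOMAIN = ".example.com"  # shared domain from the bug description


def _shared_cookie(value):
    """Build the cookie with the attributes the description lists."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = value
    morsel = jar[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["domain"] = COOKIE_DOMAIN
    morsel["secure"] = True    # like ses, only sent over https
    morsel["httponly"] = True  # assumption: not stated in the description
    return morsel


def login_header(token):
    """Set-Cookie value emitted when the user logs into the OPAC."""
    return _shared_cookie(token).OutputString()


def logout_header():
    """Set-Cookie value that deletes the cookie; Domain and Path must
    match the login cookie or the browser keeps the old one."""
    morsel = _shared_cookie("")
    morsel["max-age"] = 0
    return morsel.OutputString()


def sso_user(environ, verify_token):
    """CGI side: return the user for a valid token, else None (prompt)."""
    # Assumption: the web server sets HTTPS=on for TLS requests.
    if environ.get("HTTPS", "").lower() != "on":
        return None
    jar = SimpleCookie()
    try:
        jar.load(environ.get("HTTP_COOKIE", ""))
    except CookieError:
        return None
    morsel = jar.get(COOKIE_NAME)
    if morsel is None or not morsel.value:
        return None
    # Any host under the shared domain can set this cookie, so its
    # presence proves nothing; the token is always checked server-side.
    return verify_token(morsel.value)
```

A `None` result from `sso_user` means the CGI falls back to its normal credential prompt.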

Jeff Godin (jgodin) wrote :

Working branches are at:

users/jeff/shared_ses_cookie
users/jeff/shared_ses_cookie_rebase - rebased/squashed to a single commit - likely to be force-pushed

Ben Shum (bshum) on 2013-03-03
Changed in evergreen:
milestone: 2.4.0-alpha1 → 2.4.0-beta
Ben Shum (bshum) on 2013-03-17
Changed in evergreen:
milestone: 2.4.0-beta → 2.4.0-rc
Ben Shum (bshum) on 2013-04-22
Changed in evergreen:
milestone: 2.4.0-rc → 2.5.0-alpha
Dan Wells (dbw2) on 2013-06-12
Changed in evergreen:
milestone: 2.5.0-m1 → 2.5.0-m2
Dan Wells (dbw2) on 2013-07-15
Changed in evergreen:
milestone: 2.5.0-m2 → 2.5.0-alpha1
Remington Steed (rjs7) on 2013-08-12
Changed in evergreen:
milestone: 2.5.0-alpha1 → 2.5.0-alpha2
Dan Wells (dbw2) on 2013-08-26
Changed in evergreen:
milestone: 2.5.0-alpha2 → 2.5.0-beta1
Dan Wells (dbw2) on 2013-09-29
Changed in evergreen:
milestone: 2.5.0-beta1 → 2.5.0-rc
Dan Wells (dbw2) on 2013-10-07
Changed in evergreen:
milestone: 2.5.0-rc → 2.next
Dan Wells (dbw2) on 2014-02-05
Changed in evergreen:
milestone: 2.6.0-alpha1 → 2.6.0-beta1
Dan Wells (dbw2) on 2014-02-27
Changed in evergreen:
milestone: 2.6.0-beta1 → 2.next
Andrea Neiman (aneiman) on 2019-03-05
tags: added: wishlist
removed: enhancement