Wishlist:
Support optional storing of the user's auth token in a cookie which is shared with other https:// servers that share a common domain with the OPAC host.
When this is enabled, logging into the OPAC sets a cookie named shared_ses with path=/ and domain=.example.com. Like the ses cookie, the shared_ses cookie is only sent over "secure" connections.
This can be used to support a simplistic form of single sign-on, allowing external web interfaces to verify the auth token against Evergreen if they already have support for same. An external EZproxy authentication CGI is the immediate use case that I have in mind.
Logging out of the OPAC deletes both the ses and the shared_ses cookies.
After logging into the OPAC, a user that attempts to access an EZproxy link is redirected to a CGI script hosted on https://www.example.org/ -- that CGI would typically prompt for login credentials. Now the CGI can look for the presence of the shared_ses token first, verify that the token is valid, and skip prompting for credentials.
Working branches are at:
users/jeff/shared_ses_cookie shared_ses_cookie_rebase - rebased/squashed to a single commit - likely to be force-pushed
users/jeff/
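A sketch of the CGI-side check described above, added here as an example and not taken from the working branches. `verify_token` is a hypothetical callable standing in for whatever Evergreen token verification the external script already supports, and the token shape limit (ASCII alphanumeric, at most 128 characters) is an assumption.

```python
from http.cookies import SimpleCookie, CookieError

COOKIE_NAME = "shared_ses"  # cookie name from the description above
MAX_TOKEN_LEN = 128         # assumption: an upper bound on token length


def extract_shared_ses(environ):
    """Return the shared_ses value from a CGI environment, or None."""
    # The cookie is only sent over secure connections, so a value that
    # arrives on a non-HTTPS request is not trusted.
    if environ.get("HTTPS", "").lower() != "on":
        return None
    jar = SimpleCookie()
    try:
        jar.load(environ.get("HTTP_COOKIE", ""))
    except CookieError:
        return None
    morsel = jar.get(COOKIE_NAME)
    token = morsel.value if morsel is not None else ""
    # Constrain the shape before handing the value to any backend call.
    if not token or len(token) > MAX_TOKEN_LEN:
        return None
    if not (token.isascii() and token.isalnum()):
        return None
    return token


def decide(environ, verify_token):
    """Return ("sso", user) if the token verifies, else ("prompt", None)."""
    token = extract_shared_ses(environ)
    if token is None:
        return ("prompt", None)
    try:
        user = verify_token(token)  # hypothetical: returns a user or None
    except Exception:
        user = None  # fail closed: a verifier error falls back to the login prompt
    return ("sso", user) if user else ("prompt", None)


if __name__ == "__main__":
    # Constructed sample data: one live session token and its user.
    sessions = {"abc123def456": "jdoe"}
    env = {"HTTPS": "on", "HTTP_COOKIE": "ses=zzz; shared_ses=abc123def456"}
    print(decide(env, sessions.get))                       # valid token
    print(decide(dict(env, HTTPS="off"), sessions.get))    # not HTTPS
    print(decide({"HTTPS": "on"}, sessions.get))           # cookie absent
```

After logout deletes the cookie, or when the session has expired on the Evergreen side, the same code path returns `("prompt", None)` and the CGI shows its usual login form.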