Support optional storing of auth token in domain-shared cookie

Bug #1066035 reported by Jeff Godin
This bug affects 1 person
Affects: Evergreen
Status: In Progress
Importance: Wishlist
Assigned to: Jeff Godin

Bug Description

Wishlist:

Support optional storing of the user's auth token in a cookie which is shared with other https:// servers that share a common domain with the OPAC host.

When this is enabled, logging into the OPAC sets a cookie named shared_ses with path=/ and domain=.example.com. Like the ses cookie, the shared_ses cookie is only sent over "secure" connections.

This can be used to support a simplistic form of single sign-on, allowing external web interfaces to verify the auth token against Evergreen if they already have support for same. An external EZproxy authentication CGI is the immediate use case that I have in mind.

Logging out of the OPAC deletes both the ses and the shared_ses cookies.

After logging into the OPAC, a user that attempts to access an EZproxy link is redirected to a CGI script hosted on https://www.example.org/ -- that CGI would typically prompt for login credentials. Now the CGI can look for the presence of the shared_ses token first, verify that the token is valid, and skip prompting for credentials.

Tags: opac
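
The cookie lifecycle and the CGI-side decision described in the report, as an added example that is not part of the original report or of Evergreen's code. Assumptions: the token is 32 lowercase hex characters, the ses cookie is host-only with Path=/, and `verify_token` is a hypothetical callable standing in for the CGI's existing check of a token against Evergreen.

```python
import re
from http.cookies import SimpleCookie, CookieError

SHARED_DOMAIN = ".example.com"           # domain used in the bug description
TOKEN_RE = re.compile(r"[0-9a-f]{32}")   # assumption: token is 32 hex characters
EPOCH = "Thu, 01 Jan 1970 00:00:00 GMT"


def login_header(token):
    """Set-Cookie value for the domain-wide cookie set at OPAC login."""
    return f"shared_ses={token}; Domain={SHARED_DOMAIN}; Path=/; Secure"


def logout_headers():
    """Set-Cookie values that delete both cookies at OPAC logout.

    A browser only drops a cookie when Domain and Path match the values it
    was set with, so shared_ses must repeat Domain=.example.com here.
    """
    gone = f"Expires={EPOCH}; Max-Age=0; Path=/; Secure"
    return [
        f"ses=; {gone}",                     # assumption: host-only, Path=/
        f"shared_ses=; Domain={SHARED_DOMAIN}; {gone}",
    ]


def cgi_decide(cookie_header, is_https, verify_token):
    """Decide whether the external CGI may skip the credential prompt.

    verify_token(token) is hypothetical: it returns a user id when the
    token is valid and None otherwise.
    """
    if not is_https or not cookie_header:
        return ("prompt", None)
    try:
        jar = SimpleCookie(cookie_header)
    except CookieError:
        return ("prompt", None)
    morsel = jar.get("shared_ses")
    if morsel is None or not TOKEN_RE.fullmatch(morsel.value):
        return ("prompt", None)   # absent or malformed: never forwarded
    user = verify_token(morsel.value)
    return ("skip_prompt", user) if user is not None else ("prompt", None)


if __name__ == "__main__":
    token = "0123456789abcdef0123456789abcdef"   # constructed sample token
    sessions = {token: 42}                       # constructed session table
    print(login_header(token))
    print(cgi_decide(f"ses={token}; shared_ses={token}", True, sessions.get))
    print(logout_headers())
```

The presence of the cookie alone never skips the prompt; only a token that the verification call accepts does.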
Jeff Godin (jgodin) wrote :

Working branches are at:

users/jeff/shared_ses_cookie
users/jeff/shared_ses_cookie_rebase - rebased/squashed to a single commit - likely to be force-pushed

Ben Shum (bshum)
Changed in evergreen:
milestone: 2.4.0-alpha1 → 2.4.0-beta
Ben Shum (bshum)
Changed in evergreen:
milestone: 2.4.0-beta → 2.4.0-rc
Ben Shum (bshum)
Changed in evergreen:
milestone: 2.4.0-rc → 2.5.0-alpha
Dan Wells (dbw2)
Changed in evergreen:
milestone: 2.5.0-m1 → 2.5.0-m2
Dan Wells (dbw2)
Changed in evergreen:
milestone: 2.5.0-m2 → 2.5.0-alpha1
Remington Steed (rjs7)
Changed in evergreen:
milestone: 2.5.0-alpha1 → 2.5.0-alpha2
Dan Wells (dbw2)
Changed in evergreen:
milestone: 2.5.0-alpha2 → 2.5.0-beta1
Dan Wells (dbw2)
Changed in evergreen:
milestone: 2.5.0-beta1 → 2.5.0-rc
Dan Wells (dbw2)
Changed in evergreen:
milestone: 2.5.0-rc → 2.next
Dan Wells (dbw2)
Changed in evergreen:
milestone: 2.6.0-alpha1 → 2.6.0-beta1
Dan Wells (dbw2)
Changed in evergreen:
milestone: 2.6.0-beta1 → 2.next
Andrea Neiman (aneiman)
tags: added: wishlist
removed: enhancement
tags: removed: wishlist