On Mon, 8 Jul 2002, Rachel Hamilton-Williams wrote:
All my concerns are to do with the OPAC - I'm not at all bothered about the intranet.
1/. A member of the public must be able to search/use the catalogue without having cookies turned on. For one reason or another there will be people who don't/can't/won't use cookies, they shouldn't be barred from the OPAC because of it.
Absolutely. The checkauth() routine will accept an option stating whether authentication is mandatory or not. If it _is_ mandatory, checkauth will display a login screen if the user is not authenticated. If it is _not_ mandatory, checkauth will return a NULL userid to the calling script signifying that the user is not authenticated. Most OPAC functions will work just fine without authentication, but will probably provide personalized functions if authenticated. Things like saved item lists, where you can check a box beside search results and they will be added to a list of items you are interested in.
2/. For it to be useful for a public library I would think that the public should be able to use *all* parts of the OPAC without having cookies turned on - even the bits where they need to authenticate.
First of all, Auth.pm will support either cookies or basic authentication, so a library can opt to use no cookies whatsoever. It will also be possible to use both by creating an alternative VirtualHost for the OPAC which uses basic authentication. At the cookie-based login screen, the user can be offered the choice of logging in without cookies by linking to the basic authentication virtual host for the opac. In this way, library search stations could be configured to use cookie-based authentication, enabling the timed logout feature, while patrons from home can log in without cookies. I think we've got all the bases covered here. Now as to whether we go with my home rolled session code, or use mod_auth_tkt (which is a third party apache module not included with the apache distribution), that discussion will have to join the checkvalidisn() discussion. :) Steve.