While raising wishlist issues, I thought I'd bring up authentication. I know that Katipo has member authentication on their targeted features list. I set up the installer to use Basic Authentication to protect the intranet interface, but I did this primarily to get it out the door with some protection on the intranet interface. The main problem I have with basic authentication is the lack of ability to log out again without quitting the browser. I see this as being a particular problem with library search stations if members are logging in to set reserves. I'd like to see us do some kind of cookie based authentication that could be set to expire after a specified period of inactivity. This would also leave us less tied to MySL than using the auth_mysql_module for apache. Technically speaking, I see this as requireing the addition of a checkauthentication() call at the beginning of each script. If authentication fails, the checkauthentication() routine spits out a login page (or in the case of the OPAC, it could just carry on without any user specific options like setting reserves). Thoughts on this? Steve.
participants (1)
-
Tonnesen Steve