…other Web authorization techniques...

• Prompt for credential with form, then establish “stateful” session using either a Cookie or a session ID embedded in URLs sent back from site

  • DRA Web2 and First Search (in one configuration) provide examples of this. As with HTTP-based username/password, browser continues sending the Cookie (or embedded session ID) with every request; vendor’s server decides when session expires.
  • Doesn’t solve the problem of keeping the credential invisible to the end user, since HTTP specifically disallows letting one server (Library) send the user a Cookie meant for use on another server (Vendor).
  • Tip: Leave your browser set to “warn before accepting cookies” when testing access to vendor sites.

Previous slide

Next slide

Back to first slide

View graphic version