"Metering" Database Access on the Web

Walt Howe walthowe at delphi.com
Thu May 29 10:15:33 EDT 1997


At 04:27 PM 5/28/97 -0700, Elizabeth H. Hamilton wrote:
>One of the databases we subscribe to is going
>to a Web interface soon. This database allows
>us a specific number of passwords under our
>license. 
>
>When all those are in concurrent use, no more
>people can access the database until someone
>is done with a password and no longer needs it.
>
>For session-based access such as telnet the
>process of checking for an available password
>and assigning it to the user for their session
>is not a problem. It is a process handled
>transparently behind the scenes. The user has
>no knowledge of it.
>
>How is this handled on the Web?

Telnet is a continuous connection, and therefore, it is easy to track the
use of the password. A web connection is an intermittent one, and only
connects when you follow a link or interact with the current page. The
connection is dropped immediately when the information is passed. The usual
solution to use of passwords in this environment is for the web page to
create a "cookie"--a short piece of information stored on your system after
you log in with the password verification. Each time you interact
(reconnect), the web page checks for the cookie. If it doesn't find the
cookie, the user has to log in again. For your limited usage situation, the
cookies must be non-persistent, so that they are erased when the browser is
closed or the system shut down or after a certain period of time has passed
since it was last verified. All the coding to enable this must be done by
the site that originates the database and the passwords, not by the library
or organization using the database. The only requirement for the library is
to use a new enough browser so it supports Java to create the cookies. 

While you may not need to write the code for the cookies, it is useful to
understand the process. If you reassign a password a minute after another
user finishes with it, it may not work at first, because the previous usage
has not timed out. You need to find from the vendor just what these
limitations are.


    Walt  <http://people.delphi.com/walthowe>


More information about the Web4lib mailing list