Remote Access Solution?

Andrew Mutch amutch at waterford.lib.mi.us
Tue Jul 16 17:12:12 EDT 2002


I think all of the bits that I need are probably lying around the Web4Lib archives but just in case there's a new mousetrap, let me ask for help with the following:

We have just completely revamped our access to our online databases. The major elements of this revision have included breaking out a number of individual databases and moving them from a
single page of access to multiple pages. This current arrangement has been rolled out in-house and I think has greatly improved how we are providing access to these resources to our
patrons. Now, we want to implement the same changes for remote access.

Currently, remote users are required to authenticate using their library barcode number. A script checks their barcode number and if they authenticate, a second script generates a web
page with links to the various databases. In some cases, the database vendors are handling authentication through referrer URL and in some cases, we use scripted links to manage the
authentication process with the database. We have set up the second script such that patrons are always required to authenticate any time they try to access the scripted page. If they try
to bookmark it or otherwise bypass the authentication process, they just get bounced back to the screen where they have to enter their barcode.

Having discussed this with my librarians, we have decided that a future remote access would have the following:

1) A single point of authentication

2) Authentication wouldn't be required until the patron actually selected a database to access. It was felt that the current process doesn't give patrons any kind of information before
asking them for their barcode number. In the ideal case, patrons would get an idea of what they are getting before having to authenticate.

3) Once a patron authenticates for one database, they should not have to authenticate again in the same session.

4) Only use a single set of pages. I don't want to have to maintain two sets of pages, one for use in the library and one for use outside the library, if I can help it.

Items 1, 2 and 4 don't appear to be that difficult to achieve. I can think of two approaches for having one set of pages handle in-house and remote users:

A) Use EZProxy to allow all users to appear as if they are accessing the databases locally. I have a license for EZProxy so this is an option. One issue I haven't figured out is how to
keep out unauthorized users.

B) Use an IP detection script on each link that would either pass the user along to the appropriate database or send them to the authentication page.

The trick here for me is #3. Once I have authenticated a user, how do I keep them from having to authenticate more than once?  I'm guessing that the solution to this is setting a session
cookie that gets checked in some way. But I haven't done anything with cookies in this way. Or maybe there is a better way to do this? I'm sure there is a way to have my cake and eat it
too. I just don't know where I should be directing my efforts here.

Hopefully, this all made sense. Thank you in advance!

Andrew Mutch
Library Systems Technician
Waterford Township Public Library
Waterford, MI










More information about the Web4lib mailing list