[EP-tech] Re: EPrints webserver authentication, skipping authentication?

Ian Stuart Ian.Stuart at ed.ac.uk
Tue Jan 22 15:25:54 GMT 2013


Firstly, it depends on what you mean by "another broswer": if you open 
another Chrome, Firefox, or IE window, it just reuses the same core 
process, with another GUI.... so its actually the same as opening 
another tab.

It depends, to a certain extent, on how the external Shibb 
authentication was done - but my experience of it (a few years ago now) 
was that Shibb sets a cookie, which is global for the browser - so the 
same behaviour would happen for any other service that uses the shibb 
system (which is where I noticed the behaviour)

You'll also find that if you log out of the service, but don't close the 
browser, you'll probably be logged in again automagically when you 
return to the site again.

On 22/01/13 15:14, Jose Martin wrote:
> Hi,
>
> Has anyone implemented EPrints webserver authentication as in
> http://files.eprints.org/738/?
>
> I have integrated a 3.3.10 repository with an external Shibboleth
> authentication system, but it seems that once a session is successfully
> started, you can launch another browser and upon clicking “Login”, it
> will “steal” the other browser’s session and display the “Manage
> deposits | Profile...” options.
>
> Apparently, it reuses the login ticket from the former, valid session.
>
> Has anyone noticed this behaviour as well?
>



-- 

Ian Stuart.
Developer: ORI, RJ-Broker, and OpenDepot.org
Bibliographics and Multimedia Service Delivery team,
EDINA,
The University of Edinburgh.

http://edina.ac.uk/

This email was sent via the University of Edinburgh.

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.




More information about the Eprints-tech mailing list