Wednesday, December 1, 1999

How to use cookies with Notes and the Web


By Jeffrey R. Burrows

As Notes becomes progressively more Web-enabled, the likelihood that systems being delivered to customers will require a mixture of traditional Notes pages and Domino-served Web pages increases. This is especially true in R5, with its increased Web functionality and improved multiple window handling.

"A cookie is used chiefly by Web sites to identify users who have previously registered or visited the site."

One of the typical reasons for mixing client modes is to perform on-line queries of enterprise data and return the results immediately to you, the user. Obviously, it would be nice to avoid the fuss of installing DECS (Domino Enterprise Connection Services), or, even worse, of ensuring that database middleware (e.g., SQLNet for Oracle) is installed and correctly configured on every client machine. A standard Notes form can easily build a URL with parameters for the query, call a Domino Web agent, and have the results received as a Web page.

The biggest obstacle to this seamless mixed Notes/Web scenario is authentication. After you sign into Notes, you are then presented with another login box when a Web page is called, and possibly multiple other login boxes every time you make a query. On top of that, Notes maintains separate Notes and Domino Web passwords -- a recipe for confusion and exasperation and certainly anything but seamless! The alternative, however, to removing the security of a password is hardly better, especially if it is the gateway to confidential enterprise data.

There are a number of possible custom authentication methods, though, such as registering the permitted IP addresses or domains and permitting only queries from those PCs. However, with that comes the added overhead of maintaining that list -- not made any easier if DHCP (Dynamic Host Configuration Protocol) is being used to allocate IP addresses on the network. In addition, this method only authenticates the PC, not the individual user making the query.

A solution

The solution proposed in this article is to create unique "cookie" numbers in a Notes database and pass the cookie value along as part of the URL to the Web agent, as shown in Figure A. The Web agent will then look up the Notes cookie database to ensure that the cookie is present and has not yet expired. A cookie is a collection of information, usually including a username and the current date and time, stored on the local computer of a person using the World Wide Web. It is used chiefly by Web sites to identify users who have previously registered or visited the site.


A schematic of the relationship between the three databases involved in mixed client authentication. (click for larger image)