[Koha] SIP2 AF field sent even if patron password is invalid
Kyle Hall
kyle.m.hall at gmail.com
Wed Jul 30 03:35:59 NZST 2014
I have an interesting SIP2 implementation issue. When authenticating
through SIP2, if a valid patron id is passed in, but an *invalid* password
is passed in, Koha's SIP2 server send back the AF ( screen message ) field
even though the credentials are invalid. If a patron owes any fees, the
server will send back the amount owed in an AF field.
For instance, Overdrive will display this AF field even with an invalid
password. Freegal does not ( but it may not display any AF field ). At
least one SIP2 machine we tested against will also display the AF field
when an invalid password is submitted.
Is this a Koha issue, or a client side issue? The SIP2 protocol
specification does not indicate that AF fields should be removed in the
event of an invalid password. My guess is that some SIP2 server
implementations may send back "Invalid password" messages which may be
useful.
Kyle
http://www.kylehall.info
ByWater Solutions ( http://bywatersolutions.com )
Meadville Public Library ( http://www.meadvillelibrary.org )
Crawford County Federated Library System ( http://www.ccfls.org )
Mill Run Technology Solutions ( http://millruntech.com )
More information about the Koha
mailing list