Closed mbjones closed 5 years ago
mbjones
commented
6 years ago Original Redmine Comment Author Name: Oliver Soong (Oliver Soong) Original Date: 2009-08-10T22:35:24Z
Oh, this is a small but frustrating UI enhancement thing that doesn't involve any of metacat's underlying functionality, so I'm lowering the priority.
mbjones
commented
6 years ago Original Redmine Comment Author Name: Matt Jones (Matt Jones) Original Date: 2009-08-10T22:38:09Z
Plus, the new RESTful URL style was created specifically to eliminate the problems with search engines ignorig the query string in metacat URLs. So the 'ld' url format should be deprecated once we finish making access control work on the new RESTful URL format.
mbjones
commented
6 years ago Original Redmine Comment Author Name: Redmine Admin (Redmine Admin) Original Date: 2013-03-27T21:26:22Z
Original Bugzilla ID was 4301
Author Name: Oliver Soong (Oliver Soong) Original Redmine Issue: 4301, https://projects.ecoinformatics.org/ecoinfo/issues/4301 Original Date: 2009-08-10 Original Assignee: Michael Daigle
Using a plain URL, one cannot access datasets that require authentication. Alternatively, a link of the form http://knb.ecoinformatics.org/knb/metacat?action=read&qformat=knb&docid=judithk.594 will function properly when authenticated, although this form is not actually presented in metacat. However, attempting to view the metadata for any of the included data tables will insert a &sessionid= with no value, which causes an error as I think this overrides the (correctly authenticated) value that would otherwise have been passed.
Perversely enough, at the top of any data package is a printed URL of the form http://knb.ecoinformatics.org/knb/metacat/judithk.594.26/knb, even though the actual link is http://knb.ecoinformatics.org/knb/metacat?action=read&qformat=knb&sessionid=________________________________&docid=judithk.594.26 with the actual sessionid embedded in the URL. I think it would be safer and more robust if that sessionid were not explicitly inserted anywhere. From what I recall and have been told, everything should function as intended by simply removing the sessionid from the various URLs.