Authentication

By default, the query-meta script does not require end-users to be authenticated. You can force authentication by setting the user.authenticate variable to true from the Simple tab in your project. When user.authenticate is turned off, users still have the option to log in by clicking on a login link. To enable the login link, open the display associated with the project. On the Settings, select Advanced under Theme. Click edit, and scroll down to the Header Links section. Click in the Modified radio button, and then select login/logout. Click OK at the top of the page to save. When user.authenticate is turned on, users will be redirected to a login page when they are not authenticated and attempt to search. That login page (handled by default by the references script) can be changed through the login-url variable found on the project's Advanced tab and Misc sub-tab.

Login can also be done by passing the username and password to the query-meta script as the v:username and v:password CGI parameters.

When users are logged in, they are issued a ticket. Both the ticket and their username are stored as cookies (respectively >velocity-ticket and velocity-username). The expiration of these cookies is determined respectively by the user.authentication-expiration and user.username-expiration variables also found on the project's Advanced tab and Misc sub-tab.