Skip to main content
Support - EBSCO Help

Accepting Cookies and Using Cookie Authentication - Frequently Asked Questions

Are cookies required to access or search EBSCOhost or EBSCO Discovery Service?

Cookies are not required for access to or searching in EBSCO products available via the EBSCOhost platform, including, but not limited to EBSCO Discovery Service and EBSCOhost Research Databases, for most authentication/login types.

Full Text Finder's link resolver menu never requires a web browser to accept cookies.

If your institution's administrator has enabled and authenticates users with Cookie authentication via EBSCOadmin, cookies are required for access to, or searching in, most EBSCO products.

If  you are prompted for login credentials to access EBSCOhost, your browser may be blocking the EBSCOhost cookie from authenticating you.

The EBSCOhost cookie is considered a third-party cookie, which you can choose to allow by adjusting your settings in the Internet Options portion of your web browser (Internet Explorer, Firefox, Chrome, etc.) by either allowing all third-party cookies, or creating an exception for the domain

For more information on adjusting your browser's internet options settings, please see the Help information for your browser.


What is CookiePush authentication and can I use it to authenticate to EBSCOhost?

CookiePush authentication is way of forcing a cookie to be placed on a user's hard drive by running a simple script that is installed somewhere on the domain of the online resource being accessed.

EBSCO maintains an Authentication Cookie Pusher server. This server allows an external web site to cause EBSCO to push an EBSCO site cookie to the user's browser. The cookie will be read later, when the user attempts to use an EBSCO web service.

Authentication cookie pushing is typically used for those who require authentication when they are outside of an institution's IP range. Typically, the user must authenticate and navigate to a secure page on the institution's web site. At this point, the PUSHAUTH server can be invoked by adding an IMG link to the web page. The IMG link is itself authenticated by a referring URL (in other words, EBSCO will know the User ID, based on the web page at the institution where the IMG link has been placed). Authentication cookie pushing can be used as follows:

  • The administrator places a small image on a secure page, e.g., the list of electronic resources, on their site.
  • When the user navigates to this page, the EBSCO authentication cookie is placed on the browser.

The following parameters are allowed when constructing the URL:

custid The customer ID. (Note: If custid/group are not specified, the "Referring URL" of the originating web page is used to determine Customer/Group).
group The Group ID (Note: If group is specified without a custid, the custid of the Referring URL will be used).
show Y- the EBSCO logo will appear on the web page.
N- a single white pixel GIF will display on the web page.
ttl Time To Live. 1-45 (indicates days) or the word "session." The default, if the values are outside of this range, is 45.
authmethod Authentication Method as known to the originating server. See below.


The Authentication Method allows greater control for proxy server and authentication helpers. The Authentication Method can be added to CustomLinks to allow the CustomLink target to determine how the user originally authenticated. The possible authmethod values are:


ip IP Address
uid User ID/Password  
custuid Customer Coordinated User ID and password
cpid Customer ID patterns
athens Athens
url Referring URL
shib Shibboleth


What information is in an EBSCOhost cookie?

The following information is written to a cookie when you log in to EBSCOhost:

  • URL used to login
  • Customer ID
  • Group ID accessed
  • Method of authentication--IP or User ID/PW


In EBSCOhost, why do I receive "Authentication failed due to a system error" when using cookie pushing URL?

This system error message is caused by a missing parameter in the URL. If you add &ls=n to the URL, the request should be sent successfully.