couchdb-commits mailing list archives

From Apache Wiki <>
Subject [Couchdb Wiki] Update of "Session_API" by StephaneAlnet
Date Thu, 21 Apr 2011 15:21:14 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The "Session_API" page has been changed by StephaneAlnet.
The comment on this change is: Initial page.


New page:
The Session API manages sessions for CouchDB access.

Session information is stored on the client using a Cookie (named AuthSession).

=== Log in ===

To create a session (=log in), do a
  POST /_session
with the following parameters:

The username is the "name" field of a user's record in CouchDB's _users database.

There is an optional "next" parameter that can be used to force a redirection after CouchDB
has processed a successful login.

In case of success, the POST /_session command will return a JSON value:
  {
    "ok": true,
    "name": "username",
    "roles": ["role1","role2"]
  }
which is similar to the user context (userCtx) parameter of some of the JavaScript functions.

In case of error, the POST /_session command will return a JSON value:
  {"error":"Name or password is incorrect."}

Return values:
  200 OK (with Cookie)
  302 Redirection (with Cookie) -- if "next" parameter was provided
  401 Unauthorized 
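
The login exchange described above, seen from the client side, as an added example that is not part of the wiki page or of CouchDB's own code. It assumes form-encoded `name` and `password` fields and a `next` query parameter (the parameter list is missing from this message); `build_login`, `read_login` and `LoginFailed` are hypothetical names, and restricting `next` to a server-relative path is this example's own policy.

```python
import json
from http.cookies import SimpleCookie
from urllib.parse import urlencode

class LoginFailed(Exception):
    """POST /_session answered 401 Unauthorized."""

def build_login(name, password, next_path=None):
    """Return (method, target, headers, body) for a login request."""
    target = "/_session"
    if next_path is not None:
        # Policy of this example, not of the wiki page: accept only a path on
        # the same server so the post-login redirect cannot leave the site.
        if (not next_path.startswith("/") or next_path.startswith("//")
                or "\\" in next_path):
            raise ValueError("next must be a server-relative path")
        # Assumption: "next" is passed in the query string.
        target += "?" + urlencode({"next": next_path})
    # Credentials go in the body, not the URL, so they stay out of access logs.
    body = urlencode({"name": name, "password": password})
    return "POST", target, {"Content-Type": "application/x-www-form-urlencoded"}, body

def read_login(status, headers, body):
    """Turn the three documented outcomes into a session dict or LoginFailed.

    headers is a dict keyed by canonical header name; body is the response text.
    """
    if status == 401:
        raise LoginFailed(json.loads(body).get("error", "unauthorized"))
    if status not in (200, 302):
        raise RuntimeError(f"unexpected status {status}")
    jar = SimpleCookie()
    jar.load(headers.get("Set-Cookie", ""))
    if "AuthSession" not in jar or not jar["AuthSession"].value:
        raise RuntimeError("success status without an AuthSession cookie")
    ctx = json.loads(body) if body else {}
    return {
        "cookie": jar["AuthSession"].value,
        "name": ctx.get("name"),
        "roles": ctx.get("roles", []),
        "redirect": headers.get("Location") if status == 302 else None,
    }
```

The returned `cookie` value is what a client sends back as `AuthSession` on later requests.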

=== Log out ===

To delete the session, do a
  DELETE /_session
which will remove the session cookie.

An optional parameter "next" can be provided to redirect the browser.

Return values:
  200 OK (cookie removed)
  302 Redirection (cookie removed) -- if "next" parameter was provided

=== Session information ===

To retrieve the current session's information, do a
  GET /_session
which will retrieve the session data (based on the session cookie).

If the session is valid the GET method will return the same structure as provided by the successful
POST that started the session.

If the session is not valid (not logged in, etc.) an exception will be thrown with an "unauthorized"
