From: "Robert Newson (JIRA)"
To: dev@couchdb.apache.org
Date: Sun, 13 Feb 2011 15:07:58 +0000 (UTC)
Subject: [jira] Commented: (COUCHDB-1066) cookie_authentication_handler does not throw if cookie is invalid or has expired
Message-ID: <241980639.13745.1297609678399.JavaMail.tomcat@hel.zones.apache.org>
In-Reply-To: <326486116.13632.1297599777470.JavaMail.tomcat@hel.zones.apache.org>

    [ https://issues.apache.org/jira/browse/COUCHDB-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12994107#comment-12994107 ]

Robert Newson commented on COUCHDB-1066:
----------------------------------------

I have a local fix that breaks Futon due, I think, to a recent change that translates 401s to 302s. This causes Futon's call to /_active_tasks to make a modal dialog box of HTML instead of the usual popup about needing admin access.

This commit, once reverted, gives proper 401s: 03ede5b036c48d0a212fac033cd90e5b041913ad

> cookie_authentication_handler does not throw if cookie is invalid or has expired
> --------------------------------------------------------------------------------
>
>                 Key: COUCHDB-1066
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1066
>             Project: CouchDB
>          Issue Type: Bug
>    Affects Versions: 0.11.2, 1.0.2, 1.1
>            Reporter: Robert Newson
>            Assignee: Robert Newson
>            Priority: Critical
>
> cookie_authentication_handler does not throw if the cookie is invalid or has expired, instead it delegates to the next handler.
> This leads to ugly results like getting a response from /_session but with no userCtx filled in.
> cookie_authentication_handler should throw if, and only if, there's an AuthSession cookie that is expired or invalid. We shouldn't attempt to try other auth schemes. If there is no such cookie, then we delegate.
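
The handler contract described in the issue, modelled in Python as an added illustration; this is not CouchDB's Erlang code. The cookie layout, `SECRET`, the dict-shaped request and all function names are constructed for this example. `lenient_cookie_handler` reproduces the reported fall-through, `cookie_handler` the behaviour the issue asks for.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: server-side signing key

class Unauthorized(Exception):
    """Stands in for an HTTP 401 response."""

def sign(user, expires):
    # Constructed cookie layout user:expiry:hmac, not CouchDB's real encoding.
    payload = f"{user}:{expires}"
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{mac}"

def cookie_handler(request, now):
    """Return a user context, None to delegate, or raise Unauthorized."""
    cookie = request.get("AuthSession")
    if cookie is None:
        return None  # no AuthSession cookie: delegate to the next handler
    try:
        user, expires, _mac = cookie.rsplit(":", 2)
        expiry = int(expires)
    except ValueError:
        raise Unauthorized("malformed AuthSession cookie") from None
    # Re-sign the claimed fields and compare in constant time.
    if not hmac.compare_digest(cookie.encode(), sign(user, expires).encode()):
        raise Unauthorized("invalid AuthSession cookie")
    if expiry < now:
        raise Unauthorized("expired AuthSession cookie")
    return {"name": user}

def lenient_cookie_handler(request, now):
    """The reported behaviour: a bad cookie is treated like no cookie."""
    try:
        return cookie_handler(request, now)
    except Unauthorized:
        return None

def default_handler(request, now):
    return {"name": None}  # anonymous user context, last in the chain

def authenticate(request, now, handlers):
    """Run handlers in order; the first non-None result wins."""
    for handler in handlers:
        ctx = handler(request, now)
        if ctx is not None:
            return ctx
    raise Unauthorized("no handler accepted the request")
```

With the lenient handler, an expired or tampered cookie produces an anonymous context rather than an error, which matches the empty userCtx from /_session described in the issue.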