Return-Path: 
 <dev-return-14892-apmail-couchdb-dev-archive=couchdb.apache.org@couchdb.apache.org>
Delivered-To: apmail-couchdb-dev-archive@www.apache.org
Received: (qmail 97894 invoked from network); 13 Feb 2011 12:23:22 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 13 Feb 2011 12:23:22 -0000
Received: (qmail 86416 invoked by uid 500); 13 Feb 2011 12:23:22 -0000
Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org
Received: (qmail 86102 invoked by uid 500); 13 Feb 2011 12:23:19 -0000
Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@couchdb.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@couchdb.apache.org>
List-Post: <mailto:dev@couchdb.apache.org>
List-Id: <dev.couchdb.apache.org>
Reply-To: dev@couchdb.apache.org
Delivered-To: mailing list dev@couchdb.apache.org
Received: (qmail 86085 invoked by uid 99); 13 Feb 2011 12:23:18 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 13 Feb 2011 12:23:18 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED,T_RP_MATCHES_RCVD
X-Spam-Check-By: apache.org
Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 13 Feb 2011 12:23:17 +0000
Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116])
	by hel.zones.apache.org (Postfix) with ESMTP id 73B971A397B
	for <dev@couchdb.apache.org>; Sun, 13 Feb 2011 12:22:57 +0000 (UTC)
Date: Sun, 13 Feb 2011 12:22:57 +0000 (UTC)
From: "Robert Newson (JIRA)" <jira@apache.org>
To: dev@couchdb.apache.org
Message-ID: 
 <326486116.13632.1297599777470.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] Created: (COUCHDB-1066) cookie_authentication_handler does
 not throw if cookie is invalid or has expired
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

cookie_authentication_handler does not throw if cookie is invalid or has expired
--------------------------------------------------------------------------------

                 Key: COUCHDB-1066
                 URL: https://issues.apache.org/jira/browse/COUCHDB-1066
             Project: CouchDB
          Issue Type: Bug
    Affects Versions: 1.0.2
            Reporter: Robert Newson
            Assignee: Robert Newson
            Priority: Critical


cookie_authentication_handler does not throw if the cookie is invalid or has expired, instead it delegates to the next handler.

This leads to ugly results like getting a response from /_session but with no userCtx filled in.

cookie_authentication_handler should throw if, and only if, there's an AuthSession cookie that is expired or invalid. We shouldn't attempt to try other auth schemes. If there is no such cookie, then we delegate.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira