Date: Fri, 20 Jan 2012 12:50:39 +0000 (UTC)
From: "Robert Newson (Commented) (JIRA)"
To: dev@couchdb.apache.org
Message-ID: <483697791.59774.1327063839835.JavaMail.tomcat@hel.zones.apache.org>
In-Reply-To: <301613944.6314.1318448471952.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] [Commented] (COUCHDB-1304) set Expires header on session cookies to make them persistent

    [ https://issues.apache.org/jira/browse/COUCHDB-1304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189773#comment-13189773 ]

Robert Newson commented on COUCHDB-1304:
----------------------------------------

Let's keep it disabled by default then, it's an easy thing to switch on. A further question of whether the toggle should be finer-grained than per-server has been raised by Randall. I think it's a good question but should be on a new ticket if we intend to pursue it.

> set Expires header on session cookies to make them persistent
> -------------------------------------------------------------
>
>                 Key: COUCHDB-1304
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1304
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: HTTP Interface
>    Affects Versions: 1.1
>            Reporter: max ogden
>            Assignee: Robert Newson
>            Priority: Minor
>              Labels: authentication, cookie
>             Fix For: 1.2
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> Currently couch's cookie-based authentication only sets session cookies as opposed to persistent cookies. The difference between these two is the Expires header. If it is not present most web browsers will delete your cookie when you quit your browser, whereas if it is set then your browser keeps the cookie around until the time specified by the Expires header.
> This sucks for UX because when users quit and re-launch their browser they'll have to log in again.
> I am proposing that we set the Expires header in cookies to match the time in the couch_httpd_auth timeout
> p.s. this is similar to the issue I opened https://issues.apache.org/jira/browse/COUCHDB-1095 but at that time I didn't realize that what I really wanted was the Expires header
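
The behaviour discussed in this ticket, as an added Python sketch that is not CouchDB's code or part of the original message: a default-off toggle decides whether the auth cookie carries an Expires attribute equal to the server-side session timeout, and a small check flags a cookie that would outlive that timeout on the client. The cookie name, the `persistent` parameter, the function names and the sample token are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

COOKIE_NAME = "AuthSession"  # assumed cookie name for this sketch


def build_auth_cookie(token, timeout_s, persistent=False, now=None):
    """Build a Set-Cookie value; Expires is added only when persistent."""
    now = now or datetime.now(timezone.utc)
    parts = [f"{COOKIE_NAME}={token}", "Path=/", "HttpOnly"]
    if persistent:
        # Match the client-side lifetime to the server-side session timeout.
        expires = now + timedelta(seconds=timeout_s)
        parts.append("Expires=" + format_datetime(expires, usegmt=True))
    return "; ".join(parts)


def client_lifetime_s(set_cookie, now):
    """Seconds the browser keeps the cookie, or None for a session cookie."""
    for attr in set_cookie.split(";")[1:]:
        name, _, value = attr.strip().partition("=")
        if name.lower() == "expires":
            return int((parsedate_to_datetime(value) - now).total_seconds())
    return None  # no Expires: dropped when the browser quits


def outlives_server_session(set_cookie, timeout_s, now):
    """True when the browser would keep the cookie past the server timeout."""
    lifetime = client_lifetime_s(set_cookie, now)
    return lifetime is not None and lifetime > timeout_s


if __name__ == "__main__":
    t0 = datetime(2012, 1, 20, 12, 50, 39, tzinfo=timezone.utc)  # constructed
    for flag in (False, True):
        header = build_auth_cookie("constructed-token", 600, flag, now=t0)
        print(flag, client_lifetime_s(header, t0), header)
```
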