couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pauli Price (JIRA)" <j...@apache.org>
Subject [jira] [Created] (COUCHDB-1831) Clearing AutoSession cooking doesn't respect domain value, fails to clear domain = '.example.com' values
Date Tue, 18 Jun 2013 14:11:20 GMT
Pauli Price created COUCHDB-1831:
------------------------------------

             Summary: Clearing AutoSession cooking doesn't respect domain value, fails to
clear domain = '.example.com' values
                 Key: COUCHDB-1831
                 URL: https://issues.apache.org/jira/browse/COUCHDB-1831
             Project: CouchDB
          Issue Type: Bug
            Reporter: Pauli Price


Working on a remote authentication server.  Setting AuthSession cookie at the domain level
- i.e. couchdb running at db.example.com & auth server running at auth.example.com --
set cookie with domain='.example.com' & visit db.example.com/_utils --- session is logged
in.  Click 'logout' in futon, user remains logged in.  Examine cookies -- two AuthSession
cookies exist -- one with domain = 'db.example.com' with blank value, and the original one
with domain='.example.com' -- unchanged.

Fix is to pass the original cookie's domain value into the set cookie statement that clears
the session.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message