couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pauli Price (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (COUCHDB-1831) Clearing AutoSession cookie doesn't respect domain value, fails to clear domain = '.example.com' values
Date Tue, 18 Jun 2013 14:13:20 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-1831?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Pauli Price updated COUCHDB-1831:
---------------------------------

    Summary: Clearing AutoSession cookie doesn't respect domain value, fails to clear domain
= '.example.com' values  (was: Clearing AutoSession cooking doesn't respect domain value,
fails to clear domain = '.example.com' values)
    
> Clearing AutoSession cookie doesn't respect domain value, fails to clear domain = '.example.com'
values
> -------------------------------------------------------------------------------------------------------
>
>                 Key: COUCHDB-1831
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1831
>             Project: CouchDB
>          Issue Type: Bug
>            Reporter: Pauli Price
>
> Working on a remote authentication server.  Setting AuthSession cookie at the domain
level - i.e. couchdb running at db.example.com & auth server running at auth.example.com
-- set cookie with domain='.example.com' & visit db.example.com/_utils --- session is
logged in.  Click 'logout' in futon, user remains logged in.  Examine cookies -- two AuthSession
cookies exist -- one with domain = 'db.example.com' with blank value, and the original one
with domain='.example.com' -- unchanged.
> Fix is to pass the original cookie's domain value into the set cookie statement that
clears the session.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message