couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Hilbig <>
Subject Re: persistent cookie authorization
Date Wed, 02 Mar 2011 07:02:13 GMT
just a quick idea: how about a auth handler[1] which uses the cookie as 
second passwd and creates a new one afterwards?

have fun


On 02.03.2011 06:51, Mark Hahn wrote:
> I would like to have the features of the cookie authorization built
> into couchdb with the _users table, but allow the user to stay logged
> in even after their browser is closed or the db is restarted.
> I could store the sha hash in a cookie and check it against their doc
> from _users, but after I've done that, how do I get them logged into
> couchdb with a token?  The only way I can figure out how to do this is
> to store the user's password in the clear which defeats the whole
> point of storing the sha hashed password.  Is there any way to log in
> a user to couchdb without using the clear password?

View raw message