couchdb-user mailing list archives

From Mark Hahn <>
Subject Re: persistent cookie authorization
Date Fri, 04 Mar 2011 01:08:47 GMT
Thanks for the shot, either quick or not.

>  but can't increasing couch_httpd_auth:timeout config option help you?

I tried that.  That is some kind of timeout internal to couch.  The
cookie it emits has no date set so when the browser closes the cookie
goes away.

I guess I'll have to do some research on how to do everything in my
app.  Thanks again.

On Thu, Mar 3, 2011 at 3:40 PM, Martin Hilbig <> wrote:
> On 02.03.2011 08:17, Mark Hahn wrote:
>> If you don't mind, can you explain your idea in a bit more detail?  I
>> need ideas.
> i guess my thought would need digging into erlang and write another
> "authentication handler" but i don't know where they are documented.
> i wanted to say, with that new authentication handler you could add another
> cookie_passwd_sha1 field to your _users documents which is basically the
> cookie you provided to the user earlier, just also hashed.
> but can't increasing couch_httpd_auth:timeout config option help you?
>> I appreciate the reference to the wiki page but it sure is a mess.  I
>> couldn't make heads nor tails out of it.  Is there a page that spells
>> out what auth handlers are provided and how they function?
> it's probably hidden therein like [2].
> sorry if it doesn't make sense nor help you, i got nothing more to say, was
> just a quick shot.
> have fun
> martin
> [2]:
>> On Tue, Mar 1, 2011 at 11:02 PM, Martin Hilbig<>  wrote:
>>> just a quick idea: how about an auth handler[1] which uses the cookie as
>>> second passwd and creates a new one afterwards?
>>> have fun
>>> martin
>>> [1]:
>>> On 02.03.2011 06:51, Mark Hahn wrote:
>>>> I would like to have the features of the cookie authorization built
>>>> into couchdb with the _users table, but allow the user to stay logged
>>>> in even after their browser is closed or the db is restarted.
>>>> I could store the sha hash in a cookie and check it against their doc
>>>> from _users, but after I've done that, how do I get them logged into
>>>> couchdb with a token?  The only way I can figure out how to do this is
>>>> to store the user's password in the clear which defeats the whole
>>>> point of storing the sha hashed password.  Is there any way to log in
>>>> a user to couchdb without using the clear password?

Mark Hahn
Website Manager
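
Added example, not part of the original thread and not CouchDB code: a Python illustration of the idea Martin describes above, where the server keeps only a hash of the persistent cookie value in the user's document and issues a new token each time the old one is used. The field name `persistent_token_sha256`, the cookie name `RememberMe`, the 30-day lifetime and the choice of SHA-256 over a random token are assumptions; a plain dict stands in for the `_users` document.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

MAX_AGE = 30 * 24 * 3600              # assumed lifetime: 30 days
FIELD = "persistent_token_sha256"     # hypothetical field in the user doc


def _digest(token: str) -> str:
    # A fast hash is acceptable here because the token is 256 random bits,
    # not a human-chosen password.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(user_doc: dict) -> str:
    """Create a random token; store only its hash in the user document."""
    token = secrets.token_urlsafe(32)
    user_doc[FIELD] = _digest(token)
    return token


def redeem_token(user_doc: dict, presented: str):
    """Return a replacement token if `presented` matches, else None."""
    stored = user_doc.get(FIELD)
    if not stored or not hmac.compare_digest(stored, _digest(presented)):
        return None
    return issue_token(user_doc)      # rotation: the old token stops working


def remember_cookie(name: str, token: str) -> str:
    """Build a Set-Cookie value that survives a browser restart."""
    cookie = SimpleCookie()
    cookie["RememberMe"] = f"{name}:{token}"
    morsel = cookie["RememberMe"]
    morsel["max-age"] = MAX_AGE       # without this it is a session cookie
    morsel["path"] = "/"
    morsel["httponly"] = True
    morsel["secure"] = True
    return morsel.OutputString()


if __name__ == "__main__":
    doc = {"_id": "org.couchdb.user:mark", "name": "mark"}  # constructed sample
    first = issue_token(doc)
    print("Set-Cookie:", remember_cookie(doc["name"], first))
    second = redeem_token(doc, first)
    print("rotated:", second is not None and second != first)
    print("replay of old token rejected:", redeem_token(doc, first) is None)
```

The example covers only the token bookkeeping; how the application then establishes the CouchDB session for the user is outside its scope.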
