couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Hahn <>
Subject Re: persistent cookie authorization
Date Wed, 02 Mar 2011 07:17:26 GMT
If you don't mind, can you explain your idea in a bit more detail?  I
need ideas.

I appreciate the reference to the wiki page but it sure is a mess.  I
couldn't make heads nor tails out of it.  Is there a page that spells
out what auth handlers are provided and how they function?

On Tue, Mar 1, 2011 at 11:02 PM, Martin Hilbig <> wrote:
> just a quick idea: how about a auth handler[1] which uses the cookie as
> second passwd and creates a new one afterwards?
> have fun
> martin
> [1]:
> On 02.03.2011 06:51, Mark Hahn wrote:
>> I would like to have the features of the cookie authorization built
>> into couchdb with the _users table, but allow the user to stay logged
>> in even after their browser is closed or the db is restarted.
>> I could store the sha hash in a cookie and check it against their doc
>> from _users, but after I've done that, how do I get them logged into
>> couchdb with a token?  The only way I can figure out how to do this is
>> to store the user's password in the clear which defeats the whole
>> point of storing the sha hashed password.  Is there any way to log in
>> a user to couchdb without using the clear password?

Mark Hahn
Website Manager

View raw message