couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gregor Martynus <>
Subject authentication: signed in as user1 (cookie), but sending request as user2?
Date Wed, 23 May 2012 17:27:05 GMT
Hey couch folks, 

let's say there is a database "user2", which has Readers: ["user2"] in its security settings.

Now let's say user1 is logged in, with cookie authentication and he has the password of user2.
Is there any way he can make an authenticated request as user2: `GET /user2/_all_docs`

I tried it with the Authorization header, but that only works if I'm signed out. Once I'm
signed in as a user, the Authorization headers is ignored.

so Question is: when I'm logged in as user1 with cookies, can I send a request as user2, when
I know the password? 

Gregor Martynus

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message