couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Newson <rnew...@apache.org>
Subject Re: GET /_session doesn't set a cookie?
Date Tue, 08 Jan 2013 01:44:40 GMT
I should clarify. you need to POST to get a cookie and the credentials
are in the request body (as either form data or json, but set your
content-type correctly). if you GET /_session with basic auth, then it
shows you your name and roles (since you've already authenticated),
and doesn't send a cookie (because you're using basic auth instead).

mutually exclusive.

B.

On 8 January 2013 01:26, Robert Newson <rnewson@apache.org> wrote:
> You have to POST, yes.
>
> On 8 January 2013 01:18, Jens Alfke <jens@couchbase.com> wrote:
>> According to the wiki docs[1], GET /_session with a valid Authorization: header will
create a session. However, when I try this it doesn’t set any cookie:
>>
>> $ http --auth snej GET :5984/_session
>> http: password for snej@:5984:
>> HTTP/1.1 200 OK
>> Cache-Control: must-revalidate
>> Content-Length: 176
>> Content-Type: text/plain; charset=utf-8
>> Date: Tue, 08 Jan 2013 01:10:46 GMT
>> Server: CouchDB/1.2.0 (Erlang OTP/R15B01)
>>
>> {"ok":true,"userCtx":{"name":"snej","roles":["_admin"]},"info":{"authentication_db":"_users","authentication_handlers":["oauth","cookie","default"],"authenticated":"default”}}
>>
>> If this doesn’t set a cookie, it’s kind of useless. Is it necessary to use POST
to get a login session?
>>
>> —Jens
>>
>> [1]: http://wiki.apache.org/couchdb/Session_API

Mime
View raw message