couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens Alfke <j...@couchbase.com>
Subject Interpretation of session timeout
Date Thu, 10 Jan 2013 19:31:39 GMT
The default value of the couch_httpd_auth/timeout config param is 600, meaning that cookie-based
sessions expire in ten minutes.

Does this mean ten minutes after the session was first created, or after ten minutes of no
activity? (That is, does each subsequent request extend the session expiration time?)

I ask because, in the former interpretation, ten minutes seems like a very frustratingly short
expiration time — I would not keep using a website that forced me to log in again every
ten minutes!

Obviously the admin can increase this value, but as I’m writing general purpose libraries
that interact with arbitrary CouchDB servers [i.e. TouchDB and CouchCocoa] I have to work
with whatever’s set in the remote database. And ten minutes is short enough that my session
might expire in the middle of a replication, for example, which would complicate my auth logic.

—Jens
Mime
View raw message