On Feb 11, 2013, at 19:34 , Jens Alfke wrote: > > On Feb 9, 2013, at 7:10 AM, svilen wrote: > >> well i know i can store the passwords, be it secure or not.. but i >> don't want to. i want to store cookies instead. Like a browser does. >> And start any replications by authenticating with those. >> can i do that? > > You don’t authenticate with cookies. Cookies are just a way to persist session state between requests. The session itself has to be authenticated using credentials: a username/password, or OAuth token, or BrowserID assertion. > > In other words, the way you get a cookie in the first place is by posting a credential to _session (or _browserid). So you have to have access to that credential. Moreover, sessions expire — I believe the default expiration interval in CouchDB is one day 10 Minutes :) Cheers Jan -- > — so you can’t just forget the credential after the first login, unless you want to make the user retype the password every day (which is a good way to lose users.) > > —Jens