couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Samuel Newson <>
Subject Re: CouchDb session renewal
Date Wed, 29 Jan 2014 22:12:50 GMT

There isn’t one, no.


On 29 Jan 2014, at 21:28, Jens Alfke <> wrote:

> On Jan 29, 2014, at 9:25 AM, Robert Samuel Newson <> wrote:
>> couchdb should send an updated cookie if the one you authenticated with is still
valid and more than 10% of the way through its lifetime.
> That's convenient, but it means a session ID that's in regular use will never expire,
which isn't the greatest for security. Is there an option to set a secondary expiration interval
after which the session renewal runs out and the user is forced to enter credentials again?
(I just looked at the config docs but didn't see a setting for that.)
> —Jens

View raw message