couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Samuel Newson <rnew...@apache.org>
Subject Re: CouchDb session renewal
Date Wed, 29 Jan 2014 22:12:50 GMT

There isn’t one, no.

B.

On 29 Jan 2014, at 21:28, Jens Alfke <jens@couchbase.com> wrote:

> 
> On Jan 29, 2014, at 9:25 AM, Robert Samuel Newson <rnewson@apache.org> wrote:
> 
>> couchdb should send an updated cookie if the one you authenticated with is still
valid and more than 10% of the way through its lifetime.
> 
> That's convenient, but it means a session ID that's in regular use will never expire,
which isn't the greatest for security. Is there an option to set a secondary expiration interval
after which the session renewal runs out and the user is forced to enter credentials again?
(I just looked at the config docs but didn't see a setting for that.)
> 
> —Jens


Mime
View raw message