couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens Alfke <j...@couchbase.com>
Subject Re: CouchDb session renewal
Date Wed, 29 Jan 2014 21:28:12 GMT

On Jan 29, 2014, at 9:25 AM, Robert Samuel Newson <rnewson@apache.org> wrote:

> couchdb should send an updated cookie if the one you authenticated with is still valid
and more than 10% of the way through its lifetime.

That's convenient, but it means a session ID that's in regular use will never expire, which
isn't the greatest for security. Is there an option to set a secondary expiration interval
after which the session renewal runs out and the user is forced to enter credentials again?
(I just looked at the config docs but didn't see a setting for that.)

—Jens
Mime
View raw message