incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Hilbig <blueo...@gmx.net>
Subject Re: persistent cookie authorization
Date Wed, 02 Mar 2011 07:02:13 GMT
just a quick idea: how about a auth handler[1] which uses the cookie as 
second passwd and creates a new one afterwards?

have fun
martin

[1]: http://wiki.apache.org/couchdb/Authentication_and_Authorization

On 02.03.2011 06:51, Mark Hahn wrote:
> I would like to have the features of the cookie authorization built
> into couchdb with the _users table, but allow the user to stay logged
> in even after their browser is closed or the db is restarted.
>
> I could store the sha hash in a cookie and check it against their doc
> from _users, but after I've done that, how do I get them logged into
> couchdb with a token?  The only way I can figure out how to do this is
> to store the user's password in the clear which defeats the whole
> point of storing the sha hashed password.  Is there any way to log in
> a user to couchdb without using the clear password?
>

Mime
View raw message