incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens Alfke <j...@couchbase.com>
Subject Re: replication on touchdb and authentication
Date Mon, 11 Feb 2013 18:34:54 GMT

On Feb 9, 2013, at 7:10 AM, svilen <az@svilendobrev.com> wrote:

> well i know i can store the passwords, be it secure or not.. but i
> don't want to. i want to store cookies instead. Like a browser does.
> And start any replications by authenticating with those.
> can i do that?

You don’t authenticate with cookies. Cookies are just a way to persist session state between
requests. The session itself has to be authenticated using credentials: a username/password,
or OAuth token, or BrowserID assertion.

In other words, the way you get a cookie in the first place is by posting a credential to
_session (or _browserid). So you have to have access to that credential. Moreover, sessions
expire — I believe the default expiration interval in CouchDB is one day — so you can’t
just forget the credential after the first login, unless you want to make the user retype
the password every day (which is a good way to lose users.)

—Jens
Mime
View raw message