couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <>
Subject Re: replication on touchdb and authentication
Date Mon, 11 Feb 2013 18:45:56 GMT

On Feb 11, 2013, at 19:34 , Jens Alfke <> wrote:

> On Feb 9, 2013, at 7:10 AM, svilen <> wrote:
>> well i know i can store the passwords, be it secure or not.. but i
>> don't want to. i want to store cookies instead. Like a browser does.
>> And start any replications by authenticating with those.
>> can i do that?
> You don’t authenticate with cookies. Cookies are just a way to persist session state
between requests. The session itself has to be authenticated using credentials: a username/password,
or OAuth token, or BrowserID assertion.
> In other words, the way you get a cookie in the first place is by posting a credential
to _session (or _browserid). So you have to have access to that credential. Moreover, sessions
expire — I believe the default expiration interval in CouchDB is one day

10 Minutes :)


> — so you can’t just forget the credential after the first login, unless you want
to make the user retype the password every day (which is a good way to lose users.)
> —Jens

View raw message