Return-Path: 
 <user-return-23452-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-user-archive@www.apache.org
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 9F816D686
	for <apmail-couchdb-user-archive@www.apache.org>;
 Thu, 14 Feb 2013 05:18:38 +0000 (UTC)
Received: (qmail 16444 invoked by uid 500); 14 Feb 2013 05:18:37 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 16234 invoked by uid 500); 14 Feb 2013 05:18:36 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 16200 invoked by uid 99); 14 Feb 2013 05:18:35 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Feb 2013 05:18:35 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=5.0
	tests=RCVD_IN_DNSWL_NONE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of jens@couchbase.com designates
 206.225.164.31 as permitted sender)
Received: from [206.225.164.31] (HELO EXHUB020-4.exch020.serverdata.net)
 (206.225.164.31)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Feb 2013 05:18:28 +0000
Received: from EXVMBX020-1.exch020.serverdata.net ([169.254.4.201]) by
 EXHUB020-4.exch020.serverdata.net ([206.225.164.31]) with mapi; Wed, 13 Feb
 2013 21:18:06 -0800
From: Jens Alfke <jens@couchbase.com>
To: "user@couchdb.apache.org" <user@couchdb.apache.org>
Date: Wed, 13 Feb 2013 21:18:06 -0800
Subject: Re: replication on touchdb and authentication
Thread-Topic: replication on touchdb and authentication
Thread-Index: Ac4KcquuCz7NMf61SsarOP/1dC2pAA==
Message-ID: <D1ACE206-860F-4BDB-93AC-F42B7BDAFD70@couchbase.com>
References: <mskohdpthvh4067d5lvamgnj.1360809226494@email.android.com>
In-Reply-To: <mskohdpthvh4067d5lvamgnj.1360809226494@email.android.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Virus-Checked: Checked by ClamAV on apache.org


On Feb 13, 2013, at 6:33 PM, Svilen <az@svilendobrev.com> wrote:

> Unless the cookie life is 1 year. Its config anyway.

OK, if you control the server you could do that. (Though of course the clie=
nt app=92s HTTP framework could drop the cookie at any time; that=92s withi=
n spec.)=20

But I=92m not sure what your point is. You can=92t code a client app withou=
t considering credentials. The cookie has to come from somewhere, so the ap=
p has to be able to log in. What is it going to save you to store a cookie?

Anyway, no, TouchDB does not support logging in using _session, except as a=
 side effect of using BrowserID. If you think it really needs to, the code =
is open source so you=92re welcome to add that feature.

=97Jens=