You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by "Robert Newson (JIRA)" <ji...@apache.org> on 2016/07/30 18:57:20 UTC

[jira] [Resolved] (COUCHDB-3084) "authenticated" property is set even when no authentication occurs

     [ https://issues.apache.org/jira/browse/COUCHDB-3084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Newson resolved COUCHDB-3084.
------------------------------------
    Resolution: Fixed

> "authenticated" property is set even when no authentication occurs
> ------------------------------------------------------------------
>
>                 Key: COUCHDB-3084
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-3084
>             Project: CouchDB
>          Issue Type: Bug
>            Reporter: Robert Newson
>
> The "authenticated" property from /_session should only appear when authentication has occurred.
> In 2.0 we extracted the 'admin party' handling into its own handler and this introduced the side-effect that all GET's to /_session are handled by an authentication handler.
> chttpd:maybe_set_handler makes the assumption that if a handler sets #httpd.user_ctx to a #user_ctx record that authentication has taken place. This is not always true.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)