You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2018/09/07 12:51:24 UTC
[GitHub] flimzy opened a new issue #1598: Request: Include cookie expiry
time in Set-Cookie header
flimzy opened a new issue #1598: Request: Include cookie expiry time in Set-Cookie header
URL: https://github.com/apache/couchdb/issues/1598
When writing CouchDB clients that use Cookie auth, it would be very beneficial to have some idea when the authentication is about to expire, so that authentication can be re-done to refresh the cookie.
At present, CouchDB doesn't give any such clues to the client. Example (with CouchDB 2.2.20):
$ curl -v -X POST http://localhost:6004/_session -H 'Content-Type: application/json' -d '{"name":"admin","password":"abc123"}'
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 6004 (#0)
> POST /_session HTTP/1.1
> Host: localhost:6004
> User-Agent: curl/7.52.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 36
>
* upload completely sent off: 36 out of 36 bytes
< HTTP/1.1 200 OK
< Cache-Control: must-revalidate
< Content-Length: 46
< Content-Type: application/json
< Date: Fri, 07 Sep 2018 12:48:28 GMT
< Server: CouchDB/2.2.0 (Erlang OTP/19)
< Set-Cookie: AuthSession=YWRtaW46NUI5MjczOUM68IYzw6QYhBU0nLMTM-XQjuRdcrs; Version=1; Path=/; HttpOnly
<
{"ok":true,"name":"admin","roles":["_admin"]}
My request is that we add a `Max-Age` or `Expires` value to the `Set-Cookie` header. This should be set based on the session timeout value.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services