[
https://issues.apache.org/jira/browse/COUCHDB-1304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13190307#comment-13190307
]
Jason Smith commented on COUCHDB-1304:
--------------------------------------
Good points, Jan and Benoit. You make a good case for the 1%.
I hope Couch has a compelling story for writing blog software, not bank
software: the easy things easy, the hard things possible. That's just IMHO.
Either default is fine.
> set Expires header on session cookies to make them persistent
> -------------------------------------------------------------
>
> Key: COUCHDB-1304
> URL: https://issues.apache.org/jira/browse/COUCHDB-1304
> Project: CouchDB
> Issue Type: Improvement
> Components: HTTP Interface
> Affects Versions: 1.1
> Reporter: max ogden
> Assignee: Robert Newson
> Priority: Minor
> Labels: authentication, cookie
> Fix For: 1.2
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> currently couch's cookie based authentication only sets session cookies as
> opposed to persistent cookies. the difference between these two is the
> Expires header. if it is not present most web browsers will delete your
> cookie when you quit your browser, whereas if it is set then your browser
> keeps the cookie around until the time specified by the Expires header.
> This sucks for UX because users quit and re-launch their browser they'll have
> to log in again.
> I am proposing that we set the Expires header in cookies to match the time in
> the couch_httpd_auth timeout
> p.s. this is similar to the issue I opened
> https://issues.apache.org/jira/browse/COUCHDB-1095 but at that time I didn't
> realize that what I really wanted was the Expires header
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
