> On Mar 26, 2015, at 8:36 AM, Christoph Berlin <[email protected]> > wrote: > > 1) User logs in via Facebook and uses the Token based authenticator to > authenticate with the sync gateway. > 2) User logs out and logs in with a basic HTTP authenticator > > Problem: even though the authenticator is correctly configured and the logic > is sound, the first authentication attempt happens under the old Facebook > user and hence the replication is messed up.
It sounds like the Gateway session cookie is still being sent and is overriding the basic-auth credentials. (You can verify this by sniffing the HTTP traffic using something like Charles.) I would think that the Gateway would check basic auth first, but I haven’t looked at that code in a long time. I suggest filing a bug against the Gateway. > We then suspected that the CBLManager might be the root cause as this is the > only process that doesn't get deallocated. I don’t think so. The CBLManager has nothing to do with replication. It makes sense for the replicator to clear session-related cookies when it’s using basic auth. The problem with that has been that the cookie store (NSHTTPCookieStorage) is a global shared by the entire app, so if one replicator did this it could destroy state used by another replicator. Pasin recently implemented <https://github.com/couchbase/couchbase-lite-ios/issues/543> a custom per-replicator cookie store that should fix this. —Jens -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/FB051F0A-0480-4D2E-B95F-59AC1CBEA190%40couchbase.com. For more options, visit https://groups.google.com/d/optout.
