[ https://issues.apache.org/jira/browse/COUCHDB-3125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15458442#comment-15458442 ]
ASF GitHub Bot commented on COUCHDB-3125: ----------------------------------------- GitHub user adrienverge opened a pull request: https://github.com/apache/couchdb-couch/pull/194 Trigger cookie renewal on /_session It is currently not possible to programmatically renew an `AuthSession` cookie. The only way is to wait 10% of the cookie expiration time then make any request to CouchDB, so it sends a new cookie. Programmatically getting cookies can be needed, for example, when passwords are managed by authentication server. E.g., a third-party auth server gets a cookie, forwards it to a user, and the user needs the CouchDB server to install a new cookie in his/her browser with a `Set-Cookie` header. (Browsers don't allow JS to install cookies, only a `Set-Cookie` header from the server can set the cookie.) This patch brings the following change: an already-authenticated request (either POST or GET) on `/_session` will trigger the creation of a new cookie, whatever we're inside the 10% timeout window or not. This way, applications can programmatically get a cookie without having to wait 60 seconds. This closes: COUCHDB-3125 You can merge this pull request into a Git repository by running: $ git pull https://github.com/adrienverge/couchdb-couch feat/cookie-renewal Alternatively you can review and apply these changes as the patch at: https://github.com/apache/couchdb-couch/pull/194.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #194 ---- commit 9970f18ca23f19b3b76f3031ab26bee2222ed80e Author: Adrien Vergé <adrienve...@gmail.com> Date: 2016-09-02T10:42:19Z Trigger cookie renewal on /_session It is currently not possible to programmatically renew an `AuthSession` cookie. The only way is to wait 10% of the cookie expiration time then make any request to CouchDB, so it sends a new cookie. Programmatically getting cookies can be needed, for example, when passwords are managed by authentication server. E.g., a third-party auth server gets a cookie, forwards it to a user, and the user needs the CouchDB server to install a new cookie in his/her browser with a `Set-Cookie` header. (Browsers don't allow JS to install cookies, only a `Set-Cookie` header from the server can set the cookie.) This patch brings the following change: an already-authenticated request (either POST or GET) on `/_session` will trigger the creation of a new cookie, whatever we're inside the 10% timeout window or not. This way, applications can programmatically get a cookie without having to wait 60 seconds. This closes: COUCHDB-3125 ---- > Trigger cookie renewal on /_session > ----------------------------------- > > Key: COUCHDB-3125 > URL: https://issues.apache.org/jira/browse/COUCHDB-3125 > Project: CouchDB > Issue Type: Improvement > Reporter: Adrien Vergé > > It is currently not possible to programmatically renew an `AuthSession` > cookie. The only way is to wait 10% of the cookie expiration time then make > any request to CouchDB, so it sends a new cookie. > Programmatically getting cookies can be needed, for example, when passwords > are managed by authentication server. E.g., a third-party auth server gets a > cookie, forwards it to a user, and the user needs the CouchDB server to > install a new cookie in his/her browser with a `Set-Cookie` header. (Browsers > don't allow JS to install cookies, only a `Set-Cookie` header from the server > can set the cookie.) -- This message was sent by Atlassian JIRA (v6.3.4#6332)