[
https://issues.apache.org/jira/browse/COUCHDB-3125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15458442#comment-15458442
]
ASF GitHub Bot commented on COUCHDB-3125:
-----------------------------------------
GitHub user adrienverge opened a pull request:
https://github.com/apache/couchdb-couch/pull/194
Trigger cookie renewal on /_session
It is currently not possible to programmatically renew an `AuthSession`
cookie. The only way is to wait 10% of the cookie expiration time then make any
request to CouchDB, so it sends a new cookie.
Programmatically getting cookies can be needed, for example, when passwords
are managed by authentication server. E.g., a third-party auth server gets a
cookie, forwards it to a user, and the user needs the CouchDB server to install
a new cookie in his/her browser with a `Set-Cookie` header. (Browsers don't
allow JS to install cookies, only a `Set-Cookie` header from the server can set
the cookie.)
This patch brings the following change: an already-authenticated request
(either POST or GET) on `/_session` will trigger the creation of a new cookie,
whatever we're inside the 10% timeout window or not. This way, applications
can programmatically get a cookie without having to wait 60 seconds.
This closes: COUCHDB-3125
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/adrienverge/couchdb-couch feat/cookie-renewal
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/couchdb-couch/pull/194.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #194
----
commit 9970f18ca23f19b3b76f3031ab26bee2222ed80e
Author: Adrien Vergé <adrienve...@gmail.com>
Date: 2016-09-02T10:42:19Z
Trigger cookie renewal on /_session
It is currently not possible to programmatically renew an `AuthSession`
cookie. The only way is to wait 10% of the cookie expiration time then
make any request to CouchDB, so it sends a new cookie.
Programmatically getting cookies can be needed, for example, when
passwords are managed by authentication server. E.g., a third-party auth
server gets a cookie, forwards it to a user, and the user needs the
CouchDB server to install a new cookie in his/her browser with a
`Set-Cookie` header. (Browsers don't allow JS to install cookies, only a
`Set-Cookie` header from the server can set the cookie.)
This patch brings the following change: an already-authenticated request
(either POST or GET) on `/_session` will trigger the creation of a new
cookie, whatever we're inside the 10% timeout window or not.
This way, applications can programmatically get a cookie without having
to wait 60 seconds.
This closes: COUCHDB-3125
----
> Trigger cookie renewal on /_session
> -----------------------------------
>
> Key: COUCHDB-3125
> URL: https://issues.apache.org/jira/browse/COUCHDB-3125
> Project: CouchDB
> Issue Type: Improvement
> Reporter: Adrien Vergé
>
> It is currently not possible to programmatically renew an `AuthSession`
> cookie. The only way is to wait 10% of the cookie expiration time then make
> any request to CouchDB, so it sends a new cookie.
> Programmatically getting cookies can be needed, for example, when passwords
> are managed by authentication server. E.g., a third-party auth server gets a
> cookie, forwards it to a user, and the user needs the CouchDB server to
> install a new cookie in his/her browser with a `Set-Cookie` header. (Browsers
> don't allow JS to install cookies, only a `Set-Cookie` header from the server
> can set the cookie.)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
