[jira] [Updated] (COUCHDB-1304) set Expires header on session cookies to make them persistent
[ https://issues.apache.org/jira/browse/COUCHDB-1304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jan Lehnardt updated COUCHDB-1304: -- Fix Version/s: (was: 1.2) 1.3 Bump to 1.3.x. > set Expires header on session cookies to make them persistent > - > > Key: COUCHDB-1304 > URL: https://issues.apache.org/jira/browse/COUCHDB-1304 > Project: CouchDB > Issue Type: Improvement > Components: HTTP Interface >Affects Versions: 1.1 >Reporter: max ogden >Priority: Minor > Labels: authentication, cookie > Fix For: 1.3 > > Original Estimate: 1h > Remaining Estimate: 1h > > currently couch's cookie based authentication only sets session cookies as > opposed to persistent cookies. the difference between these two is the > Expires header. if it is not present most web browsers will delete your > cookie when you quit your browser, whereas if it is set then your browser > keeps the cookie around until the time specified by the Expires header. > This sucks for UX because users quit and re-launch their browser they'll have > to log in again. > I am proposing that we set the Expires header in cookies to match the time in > the couch_httpd_auth timeout > p.s. this is similar to the issue I opened > https://issues.apache.org/jira/browse/COUCHDB-1095 but at that time I didn't > realize that what I really wanted was the Expires header -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (COUCHDB-1304) set Expires header on session cookies to make them persistent
[ https://issues.apache.org/jira/browse/COUCHDB-1304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jan Lehnardt updated COUCHDB-1304: -- Fix Version/s: (was: 1.1) 1.2 The earliest we can "fix" this is 1.2. > set Expires header on session cookies to make them persistent > - > > Key: COUCHDB-1304 > URL: https://issues.apache.org/jira/browse/COUCHDB-1304 > Project: CouchDB > Issue Type: Improvement > Components: HTTP Interface >Affects Versions: 1.1 >Reporter: max ogden >Priority: Minor > Labels: authentication, cookie > Fix For: 1.2 > > Original Estimate: 1h > Remaining Estimate: 1h > > currently couch's cookie based authentication only sets session cookies as > opposed to persistent cookies. the difference between these two is the > Expires header. if it is not present most web browsers will delete your > cookie when you quit your browser, whereas if it is set then your browser > keeps the cookie around until the time specified by the Expires header. > This sucks for UX because users quit and re-launch their browser they'll have > to log in again. > I am proposing that we set the Expires header in cookies to match the time in > the couch_httpd_auth timeout > p.s. this is similar to the issue I opened > https://issues.apache.org/jira/browse/COUCHDB-1095 but at that time I didn't > realize that what I really wanted was the Expires header -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira