I think the blacklist idea is a non-starter because of the storage overhead.
However I do agree that we should end the auto extension of session cookies.
You should get exactly whatever the configured duration is and no more. When
that cookie expires, or sooner if you’re smart, you can request a
Hello all, my name is Tabeth and this is my first post. Please let me know if
I'm not following any conventions surrounding the usage of this mailing list.
Without further ado:
I believe it would be prudent for CouchDB to add the ability to invalidate
specific sessions. There was some discussio