Johannes J. Schmidt created COUCHDB-2042:
--------------------------------------------

Summary: Session not cleared after DELETE /_session (cookie auth)
Key: COUCHDB-2042
URL: https://issues.apache.org/jira/browse/COUCHDB-2042
Project: CouchDB
Issue Type: Bug
Components: HTTP Interface
Reporter: Johannes J. Schmidt

The session remains valid after deletion.

Steps to reproduce:

h3. Login

{code}
o@think:~$ curl -i -XPOST localhost:5984/_session -d'{"name":"jo","password":"secure"}' -H'Content-Type:application/json'
HTTP/1.1 200 OK
Set-Cookie: AuthSession=am86NTJFOTE1NzM6s-jpL-0bFHe7K73tcJEYPymaXIU; Version=1; Path=/; HttpOnly
Server: CouchDB/1.4.0 (Erlang OTP/R16B01)
Date: Wed, 29 Jan 2014 14:51:31 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 43
Cache-Control: must-revalidate

{"ok":true,"name":null,"roles":["_admin"]}
{code}

h3. Logout

{code}
jo@think:~$ curl -i -XDELETE localhost:5984/_session
HTTP/1.1 200 OK
Set-Cookie: AuthSession=; Version=1; Path=/; HttpOnly
Server: CouchDB/1.4.0 (Erlang OTP/R16B01)
Date: Wed, 29 Jan 2014 14:51:41 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 12
Cache-Control: must-revalidate

{"ok":true}
{code}

h3. Check session using previous cookie

{code}
jo@think:~$ curl -i localhost:5984/_session -b'AuthSession=am86NTJFOTE1NzM6s-jpL-0bFHe7K73tcJEYPymaXIU; Version=1; Path=/; HttpOnly'
HTTP/1.1 200 OK
Server: CouchDB/1.4.0 (Erlang OTP/R16B01)
Date: Wed, 29 Jan 2014 14:51:57 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 173
Cache-Control: must-revalidate

{"ok":true,"userCtx":{"name":"jo","roles":["_admin"]},"info":{"authentication_db":"_users","authentication_handlers":["oauth","cookie","default"],"authenticated":"cookie"}}
{code}
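
Decoding the AuthSession value from the login step shows that the cookie itself carries the user name, the issue time and a MAC, so it can be validated without server-side session state for DELETE to remove. This is an added example, not part of the original report or CouchDB's own code. It assumes the layout base64url(name:hex-timestamp:MAC) and CouchDB's default 600-second timeout, and it models only the expiry window, since checking the MAC requires the server secret.

```python
import base64
from datetime import datetime, timedelta, timezone

# Cookie value copied from the Set-Cookie header in the report above.
REPORTED_COOKIE = "am86NTJFOTE1NzM6s-jpL-0bFHe7K73tcJEYPymaXIU"

# Assumption: the default session timeout (600 seconds) is in effect.
ASSUMED_TIMEOUT_S = 600


def parse_auth_session(value):
    """Split an AuthSession value into (name, issued_at, mac_bytes).

    Assumes the user name contains no ':' character.
    """
    padded = value + "=" * (-len(value) % 4)  # restore stripped base64 padding
    raw = base64.urlsafe_b64decode(padded)
    # The MAC is binary and may itself contain ':', so split only twice.
    name, hex_ts, mac = raw.split(b":", 2)
    issued = datetime.fromtimestamp(int(hex_ts.decode("ascii"), 16), tz=timezone.utc)
    return name.decode("utf-8"), issued, mac


def within_window(issued, at, timeout_s=ASSUMED_TIMEOUT_S):
    """True while 'at' falls inside the cookie's lifetime (expiry check only)."""
    return at < issued + timedelta(seconds=timeout_s)


if __name__ == "__main__":
    name, issued, mac = parse_auth_session(REPORTED_COOKIE)
    print("name      :", name)
    print("issued at :", issued.isoformat())
    print("MAC bytes :", len(mac))
    # Time of the third request in the report (Date header of that response).
    replay = datetime(2014, 1, 29, 14, 51, 57, tzinfo=timezone.utc)
    print("replay inside window:", within_window(issued, replay))
```

The decoded issue time matches the Date header of the login response, and the replayed request falls 26 seconds into the assumed 600-second window. Under these assumptions, a shorter timeout narrows how long a captured cookie stays usable after logout.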