[COUCHDB-1066] cookie_authentication_handler does not throw if cookie is invalid or has expired - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 0.11.2, 1.0.2, 1.1
Fix Version/s: 1.0.3, 1.1, 1.2
Component/s: None
Labels:
None

Description

cookie_authentication_handler does not throw if the cookie is invalid or has expired, instead it delegates to the next handler.

This leads to ugly results like getting a response from /_session but with no userCtx filled in.

cookie_authentication_handler should throw if, and only if, there's an AuthSession cookie that is expired or invalid. We shouldn't attempt to try other auth schemes. If there is no such cookie, then we delegate.

Attachments

Activity

People

Assignee:: Robert Newson

Reporter:: Robert Newson

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 13/Feb/11 12:21

Updated:: 27/May/11 08:07

Resolved:: 27/May/11 08:07