[COUCHDB-1304] set Expires header on session cookies to make them persistent - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.1
Fix Version/s: 1.2
Component/s: HTTP Interface
Labels:
- authentication
- cookie

Skill Level:
New Contributors Level (Easy)

Description

currently couch's cookie based authentication only sets session cookies as opposed to persistent cookies. the difference between these two is the Expires header. if it is not present most web browsers will delete your cookie when you quit your browser, whereas if it is set then your browser keeps the cookie around until the time specified by the Expires header.

This sucks for UX because users quit and re-launch their browser they'll have to log in again.

I am proposing that we set the Expires header in cookies to match the time in the couch_httpd_auth timeout

p.s. this is similar to the issue I opened https://issues.apache.org/jira/browse/COUCHDB-1095 but at that time I didn't realize that what I really wanted was the Expires header

Attachments

Activity

People

Assignee:: Robert Newson

Reporter:: max ogden

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 12/Oct/11 19:40

Updated:: 21/Jan/12 12:51

Resolved:: 20/Jan/12 12:04

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified