cookie_authentication_handler does not throw if cookie is invalid or has expired
--------------------------------------------------------------------------------

                 Key: COUCHDB-1066
                 URL: https://issues.apache.org/jira/browse/COUCHDB-1066
             Project: CouchDB
          Issue Type: Bug
    Affects Versions: 1.0.2
            Reporter: Robert Newson
            Assignee: Robert Newson
            Priority: Critical


cookie_authentication_handler does not throw if the cookie is invalid or has
expired; instead, it delegates to the next handler.

This leads to ugly results like getting a response from /_session but with no 
userCtx filled in.

cookie_authentication_handler should throw if, and only if, there's an 
AuthSession cookie that is expired or invalid. We shouldn't attempt to try 
other auth schemes. If there is no such cookie, then we delegate.
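
The rule requested above, as an added example that is not part of the original report and is not CouchDB's code: a simplified Python model of an authentication handler chain in which the cookie handler delegates only when no AuthSession cookie is present. The cookie layout, the secret, the user store and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"    # constructed for this example
USERS = {"alice": "constructed-pw"}    # constructed credential store

class Unauthorized(Exception):
    """Raised to stop the chain: no later handler is tried."""

def sign(user, exp_hex):
    return hmac.new(SECRET, f"{user}:{exp_hex}".encode(), hashlib.sha1).hexdigest()

def make_cookie(user, expires):
    # Hypothetical cookie layout: user:hex_expiry:hmac
    exp_hex = format(expires, "x")
    return f"{user}:{exp_hex}:{sign(user, exp_hex)}"

def cookie_handler(req):
    cookie = req.get("cookies", {}).get("AuthSession")
    if cookie is None:
        return None                      # no cookie at all: delegate
    try:
        user, exp_hex, mac = cookie.rsplit(":", 2)
        expires = int(exp_hex, 16)
    except ValueError:
        raise Unauthorized("malformed AuthSession cookie") from None
    if not hmac.compare_digest(mac.encode(), sign(user, exp_hex).encode()):
        raise Unauthorized("invalid AuthSession cookie")
    if expires <= time.time():
        raise Unauthorized("expired AuthSession cookie")
    return {"name": user}

def basic_handler(req):
    user, password = req.get("basic", (None, None))
    if user in USERS and hmac.compare_digest(USERS[user].encode(), str(password).encode()):
        return {"name": user}
    return None                          # no usable credentials: delegate

def authenticate(req, handlers=(cookie_handler, basic_handler)):
    for handler in handlers:
        ctx = handler(req)               # Unauthorized propagates to the caller
        if ctx is not None:
            return ctx
    return {"name": None}                # every handler delegated: anonymous
```

A request that carries an expired cookie together with valid basic credentials is rejected here rather than silently authenticated by the second handler, which is the "don't try other auth schemes" half of the rule.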
