[jira] Updated: (COUCHDB-1066) cookie_authentication_handler does not throw if cookie is invalid or has expired

Robert Newson (JIRA) Sun, 13 Feb 2011 04:25:25 -0800

     [ 
https://issues.apache.org/jira/browse/COUCHDB-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Robert Newson updated COUCHDB-1066:
-----------------------------------

    Affects Version/s: 1.1
                       0.11.2

> cookie_authentication_handler does not throw if cookie is invalid or has 
> expired
> --------------------------------------------------------------------------------
>
>                 Key: COUCHDB-1066
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1066
>             Project: CouchDB
>          Issue Type: Bug
>    Affects Versions: 0.11.2, 1.0.2, 1.1
>            Reporter: Robert Newson
>            Assignee: Robert Newson
>            Priority: Critical
>
> cookie_authentication_handler does not throw if the cookie is invalid or has 
> expired, instead it delegates to the next handler.
> This leads to ugly results like getting a response from /_session but with no 
> userCtx filled in.
> cookie_authentication_handler should throw if, and only if, there's an 
> AuthSession cookie that is expired or invalid. We shouldn't attempt to try 
> other auth schemes. If there is no such cookie, then we delegate.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Updated: (COUCHDB-1066) cookie_authentication_handler does not throw if cookie is invalid or has expired

Reply via email to