Pauli Price created COUCHDB-1831:
------------------------------------

             Summary: Clearing AuthSession cookie doesn't respect domain value, fails to clear domain = '.example.com' values
                 Key: COUCHDB-1831
                 URL: https://issues.apache.org/jira/browse/COUCHDB-1831
             Project: CouchDB
          Issue Type: Bug
            Reporter: Pauli Price


Working on a remote authentication server.  Setting AuthSession cookie at the 
domain level - i.e. couchdb running at db.example.com & auth server running at 
auth.example.com -- set cookie with domain='.example.com' & visit 
db.example.com/_utils --- session is logged in.  Click 'logout' in futon, user 
remains logged in.  Examine cookies -- two AuthSession cookies exist -- one 
with domain = 'db.example.com' with blank value, and the original one with 
domain='.example.com' -- unchanged.

Fix is to pass the original cookie's domain value into the set cookie statement 
that clears the session.

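The behaviour in the report follows from how browsers store cookies (RFC 6265): a cookie is identified by name, domain and path, so a clearing Set-Cookie without a Domain attribute creates a second, host-only cookie instead of replacing the '.example.com' one. The sketch below is an added example, not part of the original report or CouchDB's code; the jar model, the `logout` helper, the token value and the header strings are constructed for illustration.

```javascript
// Minimal model of RFC 6265 cookie storage. A cookie is identified by
// (name, domain, path); a Set-Cookie with a different domain never replaces
// an existing cookie. Hosts, token and headers are constructed samples.
class CookieJar {
  constructor() { this.store = new Map(); }

  // Apply one Set-Cookie header received in a response from requestHost.
  setCookie(requestHost, header) {
    const [pair, ...attrs] = header.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    const name = pair.slice(0, eq), value = pair.slice(eq + 1);
    let domain = requestHost, hostOnly = true, path = '/';
    for (const a of attrs) {
      const i = a.indexOf('=');
      const k = (i < 0 ? a : a.slice(0, i)).toLowerCase();
      const v = i < 0 ? '' : a.slice(i + 1);
      if (k === 'domain' && v) { domain = v.replace(/^\./, '').toLowerCase(); hostOnly = false; }
      else if (k === 'path' && v) path = v;
    }
    // Ignore a Domain attribute that the request host does not belong to.
    if (!hostOnly && requestHost !== domain && !requestHost.endsWith('.' + domain)) return;
    this.store.set(`${name};${domain};${path}`, { name, value, domain, hostOnly });
  }

  // Cookies a browser would send to host (path matching omitted: all use "/").
  cookiesFor(host) {
    return [...this.store.values()].filter(c =>
      c.hostOnly ? host === c.domain : host === c.domain || host.endsWith('.' + c.domain));
  }
}

// Replay the report: the auth server sets the session for the parent domain,
// then db.example.com answers the logout with the given clearing header.
function logout(clearHeader) {
  const jar = new CookieJar();
  jar.setCookie('auth.example.com', 'AuthSession=constructed-token; Domain=.example.com; Path=/');
  jar.setCookie('db.example.com', clearHeader);
  return jar.cookiesFor('db.example.com').map(c => `${c.domain}=${c.value}`);
}

// Clearing without Domain: the original token is still sent, plus a blank cookie.
const reported = logout('AuthSession=; Path=/; HttpOnly');
// Clearing with the original cookie's domain: the token is overwritten.
const fixed = logout('AuthSession=; Domain=.example.com; Path=/; HttpOnly');
console.log(reported, fixed);
```
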