[jira] [Commented] (COUCHDB-2794) Documentation not fully correct for couch_httpd_auth/secret

Alexander Shorin (JIRA) Mon, 31 Aug 2015 10:21:42 -0700

    [ 
https://issues.apache.org/jira/browse/COUCHDB-2794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14723718#comment-14723718
 ]


Alexander Shorin commented on COUCHDB-2794:
-------------------------------------------

That's right: secret is used both for proxy and cookie auth.

> Documentation not fully correct for couch_httpd_auth/secret
> -----------------------------------------------------------
>
>                 Key: COUCHDB-2794
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2794
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Documentation
>            Reporter: Nathan Vander Wilt
>
> The documentation for couch_httpd_auth/secret [currently 
> states](http://docs.couchdb.org/en/latest/config/auth.html#couch_httpd_auth/secret)
>  that the value is:
> > The secret token used for Proxy Authentication method.
> This does appear to be the case, but it's worth noting that AFAICT this 
> secret is also used to sign cookie authentication as well — i.e. changing it 
> will "log out" all current cookie-based sessions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (COUCHDB-2794) Documentation not fully correct for couch_httpd_auth/secret

Reply via email to