Johannes J. Schmidt created COUCHDB-2042:
--------------------------------------------

             Summary: Session not cleared after DELETE /_session (cookie auth)
                 Key: COUCHDB-2042
                 URL: https://issues.apache.org/jira/browse/COUCHDB-2042
             Project: CouchDB
          Issue Type: Bug
          Components: HTTP Interface
            Reporter: Johannes J. Schmidt


The session remains valid after deletion.

Steps to reproduce:

h3. Login
{code}
jo@think:~$ curl -i -XPOST localhost:5984/_session -d'{"name":"jo","password":"secure"}' -H'Content-Type:application/json'
HTTP/1.1 200 OK
Set-Cookie: AuthSession=am86NTJFOTE1NzM6s-jpL-0bFHe7K73tcJEYPymaXIU; Version=1; Path=/; HttpOnly
Server: CouchDB/1.4.0 (Erlang OTP/R16B01)
Date: Wed, 29 Jan 2014 14:51:31 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 43
Cache-Control: must-revalidate

{"ok":true,"name":null,"roles":["_admin"]}
{code}

h3. Logout
{code}
jo@think:~$ curl -i -XDELETE localhost:5984/_session
HTTP/1.1 200 OK
Set-Cookie: AuthSession=; Version=1; Path=/; HttpOnly
Server: CouchDB/1.4.0 (Erlang OTP/R16B01)
Date: Wed, 29 Jan 2014 14:51:41 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 12
Cache-Control: must-revalidate

{"ok":true}
{code}

h3. Check session using previous cookie
{code}
jo@think:~$ curl -i localhost:5984/_session -b'AuthSession=am86NTJFOTE1NzM6s-jpL-0bFHe7K73tcJEYPymaXIU; Version=1; Path=/; HttpOnly'
HTTP/1.1 200 OK
Server: CouchDB/1.4.0 (Erlang OTP/R16B01)
Date: Wed, 29 Jan 2014 14:51:57 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 173
Cache-Control: must-revalidate

{"ok":true,"userCtx":{"name":"jo","roles":["_admin"]},"info":{"authentication_db":"_users","authentication_handlers":["oauth","cookie","default"],"authenticated":"cookie"}}
{code}



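An added example, not part of the original report or of CouchDB's code: decoding the AuthSession value from the login step shows that it carries the user name, a hex issue timestamp and a MAC, so a server that validates only those fields keeps no per-session record for DELETE /_session to remove. The cookie layout and the 600-second timeout are assumptions taken from CouchDB's documented cookie authentication; the function names are hypothetical.

```python
import base64
from datetime import datetime, timezone

# Cookie value copied from the Set-Cookie header in the login step of the report.
REPORTED_COOKIE = "am86NTJFOTE1NzM6s-jpL-0bFHe7K73tcJEYPymaXIU"


def decode_auth_session(value):
    """Split an AuthSession value into (name, issued_at, mac).

    Assumed layout: base64url(name ":" hex_unix_time ":" raw_mac_bytes).
    """
    padded = value + "=" * (-len(value) % 4)   # restore stripped base64 padding
    raw = base64.urlsafe_b64decode(padded)
    # Split on the first two colons only: the raw MAC may contain ':' bytes.
    name, hex_ts, mac = raw.split(b":", 2)
    issued = datetime.fromtimestamp(int(hex_ts, 16), tz=timezone.utc)
    return name.decode(), issued, mac


def within_timeout(value, now, timeout_s=600):
    """Model of a stateless check: only the cookie's own timestamp is consulted.

    The MAC cannot be verified here without the server secret, so it is taken
    as valid. timeout_s=600 is an assumption (the documented default).
    """
    _, issued, _ = decode_auth_session(value)
    return 0 <= (now - issued).total_seconds() < timeout_s


if __name__ == "__main__":
    name, issued, mac = decode_auth_session(REPORTED_COOKIE)
    print("name:", name)
    print("issued:", issued.isoformat())
    print("mac bytes:", len(mac))
    # Time of the replayed request, from the Date header of the third step.
    replay = datetime(2014, 1, 29, 14, 51, 57, tzinfo=timezone.utc)
    print("still inside timeout at replay:", within_timeout(REPORTED_COOKIE, replay))
```

Because nothing in the cookie changes on logout, a regression test for this issue has to replay the old value after DELETE /_session and expect `userCtx.name` to be `null`.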