Hi,

I was trying to set up and use couchdb http cookie auth. I could not find any "official" documentation for the same. A bit of searching around gave me these.

1. http://pierrel.posterous.com/securing-couchdb (seems new)
2. http://www.mail-archive.com/[email protected]/msg02631.html (2009)
3. http://www.jasondavies.com/blog/2009/05/27/secure-cookie-authentication-couchdb

My requirement is this.

* Have one db with user related docs.
* The key of the doc is the userid
* The sha1 hashed password for each user is stored in his doc.
* I want to issue cookies based on a userid and password posted to couchdb.

Originally, I was trying to write my own show function to do an auth. Then I saw that couchdb itself has support for doing this. The methods discussed in the above thread(s) are really good and I wanted to try them out. However, it is not working even after following both the examples. I keep getting an error

{"error":"unauthorized","reason":"Name or password is incorrect."}

The debug logs also don't give out much information. Looks like I have not set up things properly and the above docs are a bit confusing. Also, I could not find anything on the couchdb wiki.

So, I wanted to check if there is any other documentation on how to make use of http cookie auth. Or has anyone tried and got it working?

In link (1), it explains how to set up a single auth scheme for a couchdb node and make use of /_session to get a cookie.

In link (2), it looks like adding _login and _logout handlers to each db. Does this mean that each db can have its own user/password sets? Also, what parameters must be passed to _login? Also, this says that the "users" view values must have a member "password" whereas the previous link asks for a member "password_sha". Which is the correct approach to follow? Or are both valid?

I am a bit confused as of now :-)

Regards,
Mahendra
http://twitter.com/mahendra
