Thanks for the shot, either quick or not.

> but can't increasing couch_httpd_auth:timeout config option help you?

I tried that. That is some kind of timeout internal to couch. The cookie it emits has no date set so when the browser closes the cookie goes away.

I guess I'll have to do some research on how to do everything in my app.

Thanks again.

On Thu, Mar 3, 2011 at 3:40 PM, Martin Hilbig <[email protected]> wrote:
> On 02.03.2011 08:17, Mark Hahn wrote:
>>
>> If you don't mind, can you explain your idea in a bit more detail? I
>> need ideas.
>
> i guess my thought would need digging into erlang and write another
> "authentication handler" but i don't know where they are documented.
>
> i wanted to say, with that new authentication handler you could add another
> cookie_passwd_sha1 field to your _users documents which is basically the
> cookie you provided to the user earlier, just also hashed.
>
> but can't increasing couch_httpd_auth:timeout config option help you?
>
>> I appreciate the reference to the wiki page but it sure is a mess. I
>> couldn't make heads nor tails out of it. Is there a page that spells
>> out what auth handlers are provided and how they function?
>
> it's probably hidden therein like [2].
>
> sorry if it doesn't make sense nor help you, i got nothing more to say, was
> just a quick shot.
>
> have fun
> martin
>
> [2]: http://wiki.apache.org/couchdb/Security_Features_Overview
>
>>
>> On Tue, Mar 1, 2011 at 11:02 PM, Martin Hilbig<[email protected]> wrote:
>>>
>>> just a quick idea: how about an auth handler[1] which uses the cookie as
>>> second passwd and creates a new one afterwards?
>>>
>>> have fun
>>> martin
>>>
>>> [1]: http://wiki.apache.org/couchdb/Authentication_and_Authorization
>>>
>>> On 02.03.2011 06:51, Mark Hahn wrote:
>>>>
>>>> I would like to have the features of the cookie authorization built
>>>> into couchdb with the _users table, but allow the user to stay logged
>>>> in even after their browser is closed or the db is restarted.
>>>>
>>>> I could store the sha hash in a cookie and check it against their doc
>>>> from _users, but after I've done that, how do I get them logged into
>>>> couchdb with a token? The only way I can figure out how to do this is
>>>> to store the user's password in the clear which defeats the whole
>>>> point of storing the sha hashed password. Is there any way to log in
>>>> a user to couchdb without using the clear password?
>>>>
>>>
>>
>>
>>
>

--
Mark Hahn
Website Manager
[email protected]
949-229-1012
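
The idea floated in the thread (a cookie used as a second password, stored only as a hash in the `_users` document and replaced after each use), sketched as an added example in application code; it is not from either poster and is not a CouchDB auth handler. Assumptions: the `USERS` dict is a constructed stand-in for `_users` documents, the field is named `cookie_passwd_sha256` because SHA-256 is swapped in for the SHA-1 the thread mentions, and establishing the CouchDB session after a successful check is left out.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for documents in the _users database.
USERS = {"org.couchdb.user:mark": {"name": "mark"}}

# Hypothetical field name; the thread proposed cookie_passwd_sha1.
FIELD = "cookie_passwd_sha256"


def _digest(token: str) -> str:
    # The token is 256 random bits, so a plain hash is enough: there is
    # no low-entropy password to brute-force if the document leaks.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(users: dict, doc_id: str) -> str:
    """Create a fresh token, store only its hash, return the cookie value."""
    token = secrets.token_urlsafe(32)
    users[doc_id][FIELD] = _digest(token)
    return f"{users[doc_id]['name']}:{token}"


def login_with_cookie(users: dict, cookie: str):
    """Return (user name, replacement cookie), or None if the cookie is invalid."""
    name, sep, token = cookie.rpartition(":")
    doc_id = f"org.couchdb.user:{name}"
    doc = users.get(doc_id)
    stored = doc.get(FIELD) if doc else None
    if not sep or not stored:
        return None
    # Constant-time comparison of the stored hash and the presented token's hash.
    if not hmac.compare_digest(stored, _digest(token)):
        return None
    # Single use: issuing a new token overwrites the hash, so the cookie
    # just presented stops working (limits replay of a stolen cookie).
    return name, issue_token(users, doc_id)


def revoke(users: dict, doc_id: str) -> None:
    """Explicit logout: drop the stored hash so no cookie validates."""
    users[doc_id].pop(FIELD, None)


if __name__ == "__main__":
    first = issue_token(USERS, "org.couchdb.user:mark")
    print(login_with_cookie(USERS, first) is not None)  # accepted once
    print(login_with_cookie(USERS, first))              # replay rejected
```

The browser side would set the returned value as a cookie with an explicit expiry so it survives a browser restart, which is the behaviour the built-in session cookie described above lacks.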
