I might have found the answer to my question:

There is a setting: httpd.authentication_handlers. By default it says:
{couch_httpd_oauth, oauth_authentication_handler},
{couch_httpd_auth, cookie_authentication_handler},
{couch_httpd_auth, default_authentication_handler}

Putting cookie_authentication_handler at the end makes it work for me:
{couch_httpd_oauth, oauth_authentication_handler},
{couch_httpd_auth, default_authentication_handler},
{couch_httpd_auth, cookie_authentication_handler}

Any downsides you can think of when I'm changing this setting? 

-- 
Gregor Martynus


On Wednesday, 23. May 2012 at 19:27, Gregor Martynus wrote:

> Hey couch folks, 
> 
> let's say there is a database "user2", which has Readers: ["user2"] in its 
> security settings.
> 
> Now let's say user1 is logged in, with cookie authentication and he has the 
> password of user2. Is there any way he can make an authenticated request as 
> user2: `GET /user2/_all_docs`
> 
> I tried it with the Authorization header, but that only works if I'm signed 
> out. Once I'm signed in as a user, the Authorization header is ignored.
> 
> So the question is: when I'm logged in as user1 with cookies, can I send a 
> request as user2, when I know the password? 
> 
> -- 
> Gregor Martynus
> 
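
An added example, not part of the original thread and not CouchDB's own code: a simplified Python model of the two handler orders discussed above, showing which identity a request carrying both a session cookie and an Authorization header ends up with. It assumes the chain stops at the first handler that yields a user and that a wrong Basic password is rejected outright; the oauth handler is left out, and the users, passwords and session token are constructed.

```python
import base64

# Constructed sample data: two users and one live session cookie for user1.
PASSWORDS = {"user1": "pw1", "user2": "pw2"}
SESSIONS = {"constructed-session-token": "user1"}

def cookie_authentication_handler(req):
    """Return the session's user, or None when no valid AuthSession cookie is sent."""
    return SESSIONS.get(req.get("cookies", {}).get("AuthSession"))

def default_authentication_handler(req):
    """Return the HTTP Basic user, None without the header, raise on bad credentials."""
    header = req.get("headers", {}).get("Authorization", "")
    if not header.startswith("Basic "):
        return None
    name, _, password = base64.b64decode(header[6:]).decode().partition(":")
    if PASSWORDS.get(name) != password:
        raise PermissionError("Name or password is incorrect.")
    return name

def authenticate(req, handlers):
    """Assumed chain semantics: the first handler that yields a user decides."""
    for handler in handlers:
        user = handler(req)
        if user is not None:
            return user
    return None  # no handler matched: anonymous request

def basic(name, password):
    return "Basic " + base64.b64encode(f"{name}:{password}".encode()).decode()

DEFAULT_ORDER = [cookie_authentication_handler, default_authentication_handler]
REORDERED = [default_authentication_handler, cookie_authentication_handler]

# user1's session cookie plus an explicit Authorization header for user2.
both = {"cookies": {"AuthSession": "constructed-session-token"},
        "headers": {"Authorization": basic("user2", "pw2")}}
# Same session, but the header carries a wrong password.
stale = {"cookies": both["cookies"],
         "headers": {"Authorization": basic("user2", "wrong")}}

def outcome(req, handlers):
    try:
        return authenticate(req, handlers)
    except PermissionError:
        return "401"

if __name__ == "__main__":
    for label, order in (("default", DEFAULT_ORDER), ("reordered", REORDERED)):
        print(label, outcome(both, order), outcome(stale, order))
```

In this model the reordered chain lets the header override the session, and a request with a valid cookie but a wrong header password is rejected instead of falling back to the cookie user.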
