I should clarify. you need to POST to get a cookie and the credentials are in the request body (as either form data or json, but set your content-type correctly). if you GET /_session with basic auth, then it shows you your name and roles (since you've already authenticated), and doesn't send a cookie (because you're using basic auth instead).
mutually exclusive. B. On 8 January 2013 01:26, Robert Newson <[email protected]> wrote: > You have to POST, yes. > > On 8 January 2013 01:18, Jens Alfke <[email protected]> wrote: >> According to the wiki docs[1], GET /_session with a valid Authorization: >> header will create a session. However, when I try this it doesn’t set any >> cookie: >> >> $ http --auth snej GET :5984/_session >> http: password for snej@:5984: >> HTTP/1.1 200 OK >> Cache-Control: must-revalidate >> Content-Length: 176 >> Content-Type: text/plain; charset=utf-8 >> Date: Tue, 08 Jan 2013 01:10:46 GMT >> Server: CouchDB/1.2.0 (Erlang OTP/R15B01) >> >> {"ok":true,"userCtx":{"name":"snej","roles":["_admin"]},"info":{"authentication_db":"_users","authentication_handlers":["oauth","cookie","default"],"authenticated":"default”}} >> >> If this doesn’t set a cookie, it’s kind of useless. Is it necessary to use >> POST to get a login session? >> >> —Jens >> >> [1]: http://wiki.apache.org/couchdb/Session_API
