The default value of the couch_httpd_auth/timeout config param is 600, meaning that cookie-based sessions expire in ten minutes.
Does this mean ten minutes after the session was first created, or after ten minutes of no activity? (That is, does each subsequent request extend the session expiration time?) I ask because, in the former interpretation, ten minutes seems like a very frustratingly short expiration time — I would not keep using a website that forced me to log in again every ten minutes! Obviously the admin can increase this value, but as I’m writing general purpose libraries that interact with arbitrary CouchDB servers [i.e. TouchDB and CouchCocoa] I have to work with whatever’s set in the remote database. And ten minutes is short enough that my session might expire in the middle of a replication, for example, which would complicate my auth logic. —Jens
