Giters

apache / couchdb-fauxton

Fauxton is the new Web UI for CouchDB

Home Page:https://github.com/apache/couchdb-fauxton

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Handle expired authentication cookies

segevfiner opened this issue · comments

commented

Expected Behavior

Fauxton should handle an expired session cookie and either renew it (Might not be possible since you will have to save the credentials for that) or just ask the user to login again.

Current Behavior

Fauxton still thinks you are logged and fails to access anything as it tries to access it anonymously. On a browser refresh you will be returned to the login dialog.

Possible Solution

Fauxton should detect this and either renew the cookie (Might not be possible since you will have to save the credentials for that) or just ask the user to login again without throwing random access errors or requiring a refresh.

Steps to Reproduce (for bugs)

  1. Login to CouchDB Fauxton with cookie auth enabled. (Just install CouchDB and create an admin user, that's the default auth mechanism).
  2. Leave Fauxton open and wait for the cookie to expire (10 minutes).
  3. Try and access anything requiring auth without a refresh, a DB, the config, etc. You will receive access denied errors.

Context

Just normally using Fauxton and leaving it running in the background, coming back to it later.

Your Environment

  • Version used: CouchDB 2.3.1
  • Browser Name and version: Firefox 69.0.2
  • Operating System and version (desktop or mobile): macOS 10.14.6
  • Link to your project: N/A