1

I am using COUCHDB built in Session API in my application. I now want to renew the session as every user logs in, also i do not want to give a long expiry time to the session.

scalabilitysolved
  • 2,473
  • 1
  • 26
  • 31
user2144976
  • 71
  • 3

1 Answers1

1

I don't really understand your question. It doesn't make sense that you want to "renew the session as every user logs in".

The whole idea of a session is that it's a per-user-login session. Each user who logs in should trigger a POST /_session request to your CouchDB server, that will respond with an AuthSession cookie which is then what you send back in subsequent requests and that's your session cookie.

The next user who logs in should generate another POST /_session which will create a new session cookie for that user. So there's no renewal as every user logs in.

Now, the expiry on the session is set by the timeout setting in the [couch_httpd_auth] and defaults to 10 minutes. If you want it shorter than that then adjust that setting in your local.ini

So, finally, if you ever want to explicitly remove the session, eg. from a "logout" button, then you do that by sending a DELETE /_session request.

smathy
  • 26,283
  • 5
  • 48
  • 68
  • Lets consider i have 1 day as timeout value in couchdb. i login today at 5 pm and 8pm, here, when will be my AuthSession cookie get expired. 4.59pm or 7.59pm tomorrow. – user2144976 Feb 10 '14 at 05:49
  • It will expire at 5pm the next day. – smathy Feb 10 '14 at 17:15
  • But i want to expire on 8.00pm next day. i.e whenever the user logs in, the last time they logged in should be considered for session expiry. or is there any way that i can renew the AuthSession cookie whenever they logs in? – user2144976 Feb 12 '14 at 16:57
  • As I say in my answer, `POST` to `/_session` to get a new (ie. renew) the auth session. – smathy Feb 12 '14 at 17:50
  • @smathy But `DELETE /_session` seems cannot revoke the AuthSession that fetched on my side? Why. [it was asked before](http://grokbase.com/t/couchdb/dev/112pa6tb2d/jira-created-couchdb-1073-delete-session-doesnt-delete-the-session-client-can-still-get-user-information-using-get-session-and-with-the-session-cookie-retrieved), but haven't got an answer. – mitnk Sep 19 '15 at 10:59