Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow_persistent_cookies not working #317

Open
Ciebiada opened this issue Apr 15, 2018 · 3 comments
Open

allow_persistent_cookies not working #317

Ciebiada opened this issue Apr 15, 2018 · 3 comments

Comments

@Ciebiada
Copy link
Contributor

Hi,

Is allow_persistent_cookies supported?

Steps to reproduce

❯ curl -X PUT http://root:root@localhost:5984/_config/couch_httpd_auth/allow_persistent_cookies -d '"true"'
true

❯ curl -v http://localhost:5984/_session -d 'name=michal1&password=michal1'     
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 5984 (#0)
> POST /_session HTTP/1.1
> Host: localhost:5984
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Length: 29
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 29 out of 29 bytes
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Access-Control-Allow-Origin: http://localhost:3000
< Vary: Origin, Accept-Encoding
< Access-Control-Allow-Credentials: true
< Set-Cookie: AuthSession=bWljaGFsMTo1QUQzMzIxMjrA_sQnHtpacJ8aEpTRTXkvohpD9A; Path=/; HttpOnly
< Content-Type: text/plain; charset=utf-8
< Content-Length: 40
< ETag: W/"28-0UwHQaxGthANXDHaMKfsV9Rw2Pg"
< Date: Sun, 15 Apr 2018 11:05:53 GMT
< Connection: keep-alive
< 
{"ok":true,"name":"michal1","roles":[]}
* Connection #0 to host localhost left intact

As you can see Set-Cookie doesn't include Expires= which means the cookie is a session one.

I'm using pouchdb-authentication and those cookies work very well with my React app. However I would like to make them persist
@marten-de-vries
Copy link
Member

Seems like allow_persistent_cookie is't implemented. The cookie logic is here: https://github.com/pouchdb/pouchdb-server/blob/master/packages/node_modules/express-pouchdb/lib/routes/authentication.js

@Ciebiada
Copy link
Contributor Author

I see.

Would you guys merge it If I created pull request for it?

@marten-de-vries
Copy link
Member

@Ciebiada Yes, that would be great.

Ciebiada added a commit to Ciebiada/pouchdb-server that referenced this issue Apr 23, 2018
@Ciebiada
(pouchdb#317) - Add allow_persistent_cookies config
01dfa4e
Ciebiada added a commit to Ciebiada/pouchdb-server that referenced this issue Jun 9, 2018
@Ciebiada
(pouchdb#317) - Add allow_persistent_cookies config
f9c4b93
marten-de-vries pushed a commit that referenced this issue Jun 9, 2018
@Ciebiada @marten-de-vries
(#317) - Add allow_persistent_cookies config (#319)
0756f48
mannyluvstacos added a commit to mannyluvstacos/pouchdb-server that referenced this issue Jan 13, 2022
@mannyluvstacos
fix: update to @dabh/colors for security vuln
3d21002 
A Security Vuln was identified in the Colors package for >1.4.0, offending packages being `1.4.1`, `1.4.44-liberty`
- [source1](https://twitter.com/snyksec/status/1480286811482206216?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet)
- [source2](https://twitter.com/snyksec/status/1480286811482206216?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet)
- [source3](https://security.snyk.io/vuln/SNYK-JS-COLORS-2331906)

This PR updates the color package to using [@dabh/colors](https://www.npmjs.com/package/@dabh/colors) as stated on this [colors issue pouchdb#317](Marak/colors.js#317 (comment)) which is a safe alternative.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Ciebiada @marten-de-vries