Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Cookie Header Caching #366

Closed
areichman opened this Issue · 2 comments

2 participants

@areichman

I'm attempting to make requests to CouchDB from inside an Express app. I'm seeing a cached cookie header get sent to Couch on every request, regardless of the actual initial request from the client.

For example, I log in to my app on one machine and I see the correct response from CouchDB. Another user visits the same app on another machine and is instantly recognized as being logged in as me because CouchDB is somehow receiving my session cookie. If they then choose to force a new login on their machine, then my app now thinks I'm logged in as them.

Here's a snippet where I am attempting to pull the cookie from the Express request object and pass it along to CouchDB:

exports.currentUser = function(req, res, next) {
  var headers = {}, cookie = req.cookies.AuthSession, auth = req.get('authorization');
  if (cookie) headers.Cookie = 'AuthSession=' + cookie;
  if (auth) headers.Authorization = auth;
  request({url: 'http://127.0.0.1:5984/_session', json: {}, headers: headers}, function(error, resp, body) {
    console.log(body);
    next();
};

Any thoughts on why this is happening or what I'm missing? I'm using version 2.11.4 from npm.

@natevw

I wonder if this is an effect of the built-in cookie jar? Try setting {jar:false} in your request options — I didn't realize request was trying to handle that kind of stuff until I started looking into some potentially related issues I've been having.

@areichman

@natevw I completely forgot about that option. Setting that to false did the trick. Thanks!

@areichman areichman closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.