Hi there!
I am using cookie-based authentication. I have a server which creates a session on the Sync Gateway, then passes the cookie details to a client. The client creates a Replicator which connects to the Sync Gateway. I use the setCookie method using the cookie details and a timeout of 10 seconds. The problem is that the Sync Gateway is still accepting changes from the Replicator after the 10 seconds have expired. I think that I may not be understanding the process correctly. Is the following basically correct?
- The Replicator (via setCookie) uses the cookie in a header to perform authentication with the Sync Gateway
- When the cookie expires, the authentication should fail and the Sync Gateway should return a 403
I read in an earlier forum answer that you should be able to see the cookie details for a session (including timeout) by doing a GET on the session, but I only see that the session uses cookie authentication and no details about the cookie itself! Should I be doing something different to get this information?
Also in the Sync Gateway I see the following log:
Changes+: Changes POST request. URL: /data/_changes?feed=normal&heartbeat=30000&style=all_docs&active_only=true&filter=sync_gateway%2Fbychannel, feed: normal, options: {Since:0 Limit:0 Conflicts:true IncludeDocs:false Wait:false Continuous:false Terminator:<nil> HeartbeatMs:30000 TimeoutMs:300000 ActiveOnly:true}, filter: sync_gateway/bychannel, bychannel: [rwdhupz5Masow08Yn6fyRnrUAI], docIds: [] (to ArtVandelay.Z4kAcFoY8MoEdqiMtK46Oloz)
This log seems to show some information about the replicator and I see a timeout of 300000 ms. Should this value be the timeout value in the cookie? If so, then my issue is that the value that I’m setting isn’t being honoured and I can investigate why that is the case. If not, can you tell me what this timeout is used for?
Finally, I wanted to mention that I do not have guest access to the Sync Gateway enabled.
Edit: I’m using Couchbase Lite 1.4 and Sync Gateway 1.5.0.
Thanks so much,
Justin