Menu
I configured my CouchDB with HTTPS using exactly the instruction given in the documentation (only that I changed the ssl port to 6161). And I created two admins. Then when I tried to log in using cookie authentication like the following:
curl -kX POST https://localhost:6161/_session \
-H 'Content-Type:application/x-www-form-urlencoded' \
-d 'name=admin&password=admin'
The username and password are correct, as I can login using the -u option of curl. But I always got unauthorized error. I am not sure what is wrong here.
877
I finally figured out what I should do in this case. I need to combine basic authentication and cookie authentication to be able to log in.
curl -kX POST -u admin:admin https://localhost:6161/_session \
-H 'Content-Type:application/x-www-form-urlencoded' \
-d 'name=admin&password=admin'
Maybe it is because I set require_valid_user = true, and cookie authentication is one of the REST API, while basic authentication is part of the HTTP protocol, and the flag above affects in the HTTP level.
But now there is still the problem: do I need to provide twice the login information each time to do cookie authentication? How about I provide one login for basic authentication and another login for cookie authentication? Could this be a threat for the system?
94
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With