Session and security in CouchApp/CouchDB?


I'm new to CouchApp and CouchDB and have some questions.

  1. How can I make sessions in CouchApp from my own database (not _users)?
  2. How would I retrieve that session?
  3. How can I parse data from a document?

I can do it with a view, but when someone calls my view url and gets the id, he can get all data like passwords (I'm trying to use my own database to store login information).

In my database I have a document like this:

{  
   "_id": "...",  
   "_rev": "...",  
   "XDocType": "user",  
   "name": "Administrator",  
   "password": "1234",  
   "username": "admin"
}

I want to make a simple login/register/logout with sessions, not cookies.

On BEST ANSWER

A session is less important with a Couch app because the whole application runs in the client (browser). CouchDB only does the following:

  • Authentication (user can connect with a password, or get a cookie to identify later)
  • Authorization (CouchDB will allow or disallow reading or writing data, depending on the user's name and roles, and the database _security object and validate_doc_update functions)

You can change the default database for user accounts (instead of _users); however, you must always have a users database. You can set the _security of the database so that anonymous users cannot access it. (However, new users cannot easily sign up, so it is a trade-off.)

Jan has an excellent post about CouchDB security.
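
The authorization pieces named in the answer, as an added example that is not part of the original answer: a `_security` object that closes the application database to anonymous users, and a `validate_doc_update` function that refuses documents carrying a `password` field, so credentials stay in the users database where CouchDB hashes them. The role names `app_user` and `app_admin`, the `owner` field, and the `checkWrite` helper are assumptions made for illustration.

```javascript
// Constructed _security object for the application database: a non-empty
// "members" section means CouchDB rejects anonymous requests to this database.
const securityObject = {
  admins:  { names: [], roles: ["app_admin"] },  // hypothetical role name
  members: { names: [], roles: ["app_user"] }    // hypothetical role name
};

// validate_doc_update as it would sit in a design document of the app database.
// CouchDB calls it on every write with the authenticated user's context.
function validateDocUpdate(newDoc, oldDoc, userCtx, secObj) {
  var isAdmin = userCtx.roles.indexOf("_admin") !== -1 ||
    secObj.admins.roles.some(function (r) { return userCtx.roles.indexOf(r) !== -1; });
  if (isAdmin) return;
  if (!userCtx.name) {
    throw { unauthorized: "Log in first." };
  }
  // Credentials belong in the users database, not in application documents.
  if ("password" in newDoc) {
    throw { forbidden: "Do not store passwords in application documents." };
  }
  // Only the owner (hypothetical "owner" field) may change or delete a document.
  if (oldDoc && oldDoc.owner !== userCtx.name) {
    throw { forbidden: "Only the owner may modify this document." };
  }
  if (!newDoc._deleted && newDoc.owner !== userCtx.name) {
    throw { forbidden: "owner must be your own user name." };
  }
}

// Helper for exercising the validator outside CouchDB:
// returns "ok", or the key of the thrown error object.
function checkWrite(newDoc, oldDoc, userCtx) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx, securityObject);
    return "ok";
  } catch (e) {
    return Object.keys(e)[0];
  }
}

// Constructed user contexts, shaped like the userCtx CouchDB passes in.
const anonymous = { db: "app", name: null, roles: [] };
const alice = { db: "app", name: "alice", roles: ["app_user"] };
const bob = { db: "app", name: "bob", roles: ["app_user"] };
const serverAdmin = { db: "app", name: "root", roles: ["_admin"] };
```

In CouchDB the function body goes into the `validate_doc_update` field of a design document as a string, and the `_security` object is written to the database's `_security` endpoint by an admin.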