To invalidate a session in couchdb, there are two options:
- Change the session signing certificate on the server
- Change the password and/or salt for the user whose session should be invalidated
There are drawbacks to note with each. Option 1 will invalidate all sessions; option 2 will invalidate all sessions for that user, and also their password.
Because of the nature of couch’s session management, there is no way to see a list of active/open sessions. Invalidating a specific session key could be achieved by denying a cookie value in e.g. nginx or API, but this is unlikely to be of practical value.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified 22.11.2022: Remove sensitive words (febd544)