CouchDB Authentication

Invalidating Sessions

To invalidate a session in couchdb, there are two options:

Change the session signing certificate on the server
Change the password and/or salt for the user whose session should be invalidated

There are drawbacks to note with each. Option 1 will invalidate all sessions; option 2 will invalidate all sessions for that user, and also their password.

Because of the nature of couch’s session management, there is no way to see a list of active/open sessions. Invalidating a specific session key could be achieved by denying a cookie value in e.g. nginx or API, but this is unlikely to be of practical value.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified 22.11.2022: Remove sensitive words (febd544)

Edit this page Create documentation issue Create project issue