jo
commented
8 years ago There is no such thing like a session id which one can invalidate. Just throw away the cookie. The session id is just a hash over username, salt, secret and a timestamp.
Open limoragni opened 8 years ago
jo
commented
8 years ago There is no such thing like a session id which one can invalidate. Just throw away the cookie. The session id is just a hash over username, salt, secret and a timestamp.
limoragni
commented
8 years ago Ok, I think throwing the cookie away may be enough for my case. But it might be useful to have a method to delete the session from couchdb as stated here: https://wiki.apache.org/couchdb/Session_API#Log_out
jo
commented
8 years ago Basically a DELETE _session just answers with a header that instructs the client to discard the session cookie.
Do you use nano in the browser?
carlosduclos
commented
7 years ago It seems that this issue has been answered and could be closed. If so, could you close it?
This is pretty basic but I couldn't find how to do it. After doing the authentication as shown here https://github.com/dscape/nano#using-cookie-authentication is there a way of logout that user invalidating the key? If not I would like to contribute adding a method to do that, but I would need some pointers.