pouchdb-community / pouchdb-authentication

User authentication plugin for PouchDB and CouchDB.
Apache License 2.0

Session cookies problem #135

Open AidanNichol opened 7 years ago

AidanNichol commented 7 years ago

I'm using this with Electron and I'm running into problems.

I log in OK, but when I issue a getUser it responds 404, which means I'm not logged in.

A getSession gives the following response

{
    "info": {
        "authentication_db": "_users",
        "authentication_handlers": ["oauth", "cookie", "default"]
    },
    "ok": true,
    "userCtx": {
        "name": null,
        "roles": []
    }
}

The name is null and there is no "authenticated": "cookie", which makes me think that there is something strange about the way Electron is handling cookies.

Anybody got any suggestions as to what is happening and how I might get around this problem?

dweremeichik commented 7 years ago

@AidanNichol It's not just Electron. I have a NodeJS project that I am working on and am seeing the same issue. I think it is more than just getUser as well. It seems to be affecting plain old db.get as well when authentication is required to read from a database.

VladimirCores commented 7 years ago

Any updates around this problem?

ammichael commented 7 years ago

Did anyone find a solution? 😕

ptitjes commented 6 years ago

I believe https://github.com/pouchdb/pouchdb/pull/6815 would fix your problem.

ptitjes commented 6 years ago

@dweremeichik This is now fixed on NodeJS. @AidanNichol, @DQvsRA, @ammichael Would you mind trying again on Electron with master?

ammichael commented 6 years ago

@ptitjes Actually I have this problem with Safari, with Ionic app. But gonna give it a try and will report asap

orolle commented 6 years ago

I can verify a similar problem with Safari on Mac and iPhone. The problem is caused by the very restrictive cookie policy of Safari, which does not allow another domain to set a cookie for this domain. Example: if db.domain.com is a CouchDB and domain.com is the website, then the website on domain.com cannot see the cookie set by db.domain.com. There are a couple of workarounds on Google (using iframes or redirects). Basic Auth works just fine. Improvement: pouch-authentication can provide methods to interact with CouchDB using Basic Auth?

@ammichael My workaround is not using pouch-authentication but instead using plain pouchdb (https + Basic Auth) and making ajax requests to change user password etc. manually. Though, a little sh*tty...

ptitjes commented 6 years ago

@orolle Do you think the cookie policy of Safari could be dealt with at the pouchdb-authentication level?

As for the support of Basic Authentication, we've fixed a bug in 1.0.0 (more specifically in https://github.com/pouchdb-community/pouchdb-authentication/commit/19f547b), so I think what you ask for improvement is already in the code-base. You now can actually logIn, logOut and do all the user management stuff of pouchdb-authentication all using Basic Authentication. So would you mind trying the latest release (v1.1.0) to replace your custom code? I'd be glad to know if this fix works for you and if not that you open a new issue on that specific subject.

orolle commented 6 years ago

@ptitjes pouch-auth 1.1.0 uses just credentials provided in url (verified and worked) but not provided in options.auth (verified and fails). I opened a new issue #204. Can you ping me when you have released a fix? I will then update the pouchdb clojurescript wrappers. Thanks a lot for your help!

goltra commented 6 years ago

@ptitjes Can you give me an example of how to implement basic auth with pouchdb-authentication? I prefer cookie auth but I have problems with IE11 and I'd like to test basic and use it with Explorer. Thanks.

ptitjes commented 6 years ago

@goltra Cookie auth should work correctly on IE11 as it passes the tests (penultimate line of https://travis-ci.org/pouchdb-community/pouchdb-authentication).

However, if you want to add Basic Auth, just add an auth field to the database options:

db = new PouchDB('url', {
  auth: {
    username: 'user',
    password: 'pass'
  }
});

goltra commented 6 years ago

@ptitjes Yes, I found out the problem. I have my app in a domain.com and couchdb is in otherdomain.com, and because of this Explorer doesn't save the cookie session. Can I do something about this? For example, is it possible to set the cookie to be valid for both domains?

Thanks

abarax commented 5 years ago

Was there ever a solution to this cross-domain cookie problem?

ronelvcabrera commented 3 years ago

Same issue. Was hoping this library could have solved this issue. Any updates?

SinanGabel commented 3 years ago

My take is that your issues are not pouchdb-authentication issues but things that have to do with your couchdb configuration and possibly also your web server proxy settings (if you use such a proxy).

You can read more e.g. here: https://docs.couchdb.org/en/stable/config/http.html?highlight=cors#cross-origin-resource-sharing
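
A check for the two conditions this thread keeps returning to, written as an added example (not code from the thread or from pouchdb-authentication): it reads a getSession body like the one in the first post together with the CORS headers CouchDB returned, and lists why the session cookie is not taking effect. `diagnoseCookieSession`, the `mydb` database name and the header values are assumptions made for illustration.

```javascript
// Added example; diagnoseCookieSession is a hypothetical helper, not a PouchDB API.
// pageOrigin  - origin of the web app, e.g. "https://domain.com"
// dbUrl       - CouchDB URL the app talks to
// corsHeaders - headers of a CouchDB response to that app (lower-case names)
// session     - parsed GET /_session body, i.e. what getSession returns
function diagnoseCookieSession(pageOrigin, dbUrl, corsHeaders, session) {
  const findings = [];
  const origin = new URL(pageOrigin).origin;
  const crossOrigin = new URL(dbUrl).origin !== origin;

  if (crossOrigin) {
    const allowOrigin = corsHeaders['access-control-allow-origin'];
    if (allowOrigin === undefined) {
      findings.push('no Access-Control-Allow-Origin header: enable CORS and list the app in [cors] origins');
    } else if (allowOrigin === '*') {
      findings.push('Access-Control-Allow-Origin is "*": browsers refuse it on requests that carry cookies');
    } else if (allowOrigin !== origin) {
      findings.push(`Access-Control-Allow-Origin is ${allowOrigin}, expected ${origin}`);
    }
    // The value must be the exact string "true" for the browser to expose the response.
    if (corsHeaders['access-control-allow-credentials'] !== 'true') {
      findings.push('Access-Control-Allow-Credentials is not "true": set [cors] credentials = true');
    }
  }

  const info = (session && session.info) || {};
  const ctx = (session && session.userCtx) || {};
  const authenticated = typeof ctx.name === 'string' && ctx.name.length > 0;
  if (!authenticated) {
    findings.push('userCtx.name is null: CouchDB treated the request as anonymous');
  } else if (info.authenticated !== 'cookie') {
    findings.push(`logged in through "${info.authenticated}", not the cookie handler`);
  }
  return { crossOrigin, authenticated, handler: info.authenticated || null, findings };
}

// Constructed inputs: the session body is the one quoted in the first post.
const anonymousSession = {
  info: { authentication_db: '_users', authentication_handlers: ['oauth', 'cookie', 'default'] },
  ok: true,
  userCtx: { name: null, roles: [] },
};
const report = diagnoseCookieSession(
  'https://domain.com', 'https://db.domain.com/mydb',
  { 'access-control-allow-origin': '*' }, anonymousSession);
console.log(report.findings.join('\n'));
```

An empty `findings` array means the response headers and session body are consistent with a working cross-origin cookie login; the browser's own cookie policy still has to accept the cookie.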