Hi Guys,
Is it correct that password is not checked by Sync Gateway on custom session creation? Documentation here says that we have to provide name and password, but
curl -X POST http://localhost:4985/gw/_session -H "Content-Type:application/json" -d '{"name":"andrew"}'
gives me valid session, w/o any password, works with wrong password too:
{"session_id":"b09b4992ea0dcf648c3126bafda837d1506fd716","expires":"2015-01-22T17:46:54.112484407+01:00","cookie_name":"SyncGatewaySession"}
curl -X POST localhost:4985/gw/_user/ -H "Content-Type:application/json" -d '{"name":"andrew", "password":"secret"}'
--
P.S. I have the latest build from source code, master branch. Pretty standard configuration w/o guest users.
On Jan 21, 2015, at 8:56 PM, Andrew Tokarev <andy.t...@gmail.com> wrote:
I probably was confused that _session API is only described for Admin Rest API:
On Apr 20, 2015, at 3:07 AM, atom992 <yangzi...@gmail.com> wrote:How can I change the default expires time when I use 4984 port?
On Apr 20, 2015, at 6:51 PM, atom992 <yangzi...@gmail.com> wrote:I want to auth user by 4984 with custom auth, not Facebook or persona auth. and I want to set expires time to 3 month, because I want user needn't relogin in 3 month.
btw, I wann't to add extra auth server, because If so, I need to sync account info between auth server with sync Gateway.