Same user logged in multiple times from different devices


#1

I am using the admin API to authenticate users and create Couchbase sessions. When I try to create a session for the same user from multiple devices, a new session is created (good) but the previous session is abandoned and no longer usable. When attempting to make any requests from the first user who authenticated, a 401 unauthorized is returned.

Other posts I have seen indicate that this is possible, but in practice it doesn’t seem to work.

Is there any way to have multiple active sessions for a single user account in Couchbase server?


#2

Hi pkramer,

Can you please explain which version of Couchbase Server you are using?

Also, how are you attempting to create these sessions? Can you please share a simple script to re-pro the issue?

Thanks,
Don Pinto
Couchbase Server - Product Management


#3

I am creating the sessions via the Admin REST API by doing the following (I am using Postman to submit the HTTP requests):

POST /default/_session HTTP/1.1
Host: couchbase1:4985
Content-Type: application/json
Cache-Control: no-cache
Postman-Token: 425bb55a-5184-93e4-61b7-09d0fe7f3acb

{
“name” : “username”
}

This returns a new session:

{
“session_id”: “531d7826ab6c85ebe4e47c6199c7dbc38121093b”,
“expires”: “2016-05-13T11:15:45.513409-06:00”,
“cookie_name”: “SyncGatewaySession”
}

Then I can add a document:

POST /default/ HTTP/1.1
Host: Couchbase1:4984
Content-Type: application/json
Cookie: SyncGatewaySession=531d7826ab6c85ebe4e47c6199c7dbc38121093b
Cache-Control: no-cache
Postman-Token: 5d3bf202-8c55-2a28-1fd1-e4c20259f8cb

{
“text”: “Hello world”
}

This returns a 200 OK:

{
“id”: “b255bc1a29561d29d3afd66d167760f3”,
“ok”: true,
“rev”: “1-50a6bdae6737196882f41b374831d017”
}

Now, if I switch to a different device and log in using the same username as before, the original session no longer works when submitting new documents:

POST /default/ HTTP/1.1
Host: Couchbase1:4984
Content-Type: application/json
Cookie: SyncGatewaySession=531d7826ab6c85ebe4e47c6199c7dbc38121093b
Cache-Control: no-cache
Postman-Token: 7a210bba-cfad-c4a8-b1e4-b53fe5bfc0e3

{
“text”: “Hello world”
}

401 Unauthorized:

{
“error”: “Unauthorized”,
“reason”: “Login required”
}

Version: 4.0.0-4051 Community Edition (build-4051)


#4

So, if I’m understanding right, these are sync gateway sessions, correct?

CC: @zgramana

Thanks,
Don Pinto
Couchbase Server Product Management


#5

I’m still learning about the product, so maybe? Wherever the admin API resides for creating sessions, users, etc. Also, I updated my post with the version I am using.