Sync gateway cookie access


#1

When we login into application using Sync gateway URL (“www.abc.com:3984/test/_session”) from client, on successful login response it set cookie named ‘SyncGatewaySession’ in browser which contains session id on couchbase. But I’m unable to access that cookie in client side application. I can see that in browser content setting tab (see screenshot: https://www.dropbox.com/s/qf24xm44t9l5jul/BrowserContentSettingViewUpdated.png?dl=0
https://www.dropbox.com/s/9cosxwa8xdwv5ur/ResourceTabInDeveloperToolUpdated.png?dl=0
)
My assumption is that our application is running on port 9000 (“www.abc.com:9000”) and we send request for login on “www.abc.com:3984/test/_session” from client so it is setting cookie for 3984 port and not for 9000 that’s why I’m not able to access it at client side.

Any solutions please?

Note: We need access to session cookie for deleting the session of specified device/browser and for that I need session id which is contain in a cookie.


#2

You can write a small service that handles the authentication on the admin port and returns the session id, then generate the cookie from your client. Although, cookies are not isolated by port, so there’s probably something else wrong

http://tools.ietf.org/html/rfc6265

For historical reasons, cookies contain a number of security and
privacy infelicities. For example, a server can indicate that a
given cookie is intended for “secure” connections, but the Secure
attribute does not provide integrity in the presence of an active
network attacker. Similarly, cookies for a given host are shared
across all the ports on that host, even though the usual "same-origin
policy" used by web browsers isolates content retrieved via different
ports.

Regards,
Vladimir