I’m writing a web application that communicates with Couchbase Sync Gateway using PouchDB synchronization. For authentication I use CORS requests with the javascript fetch API to POST to the _session endpoint with username and password (and credentials: "include"), which works fine. I encountered a problem though when the password of the user is changed. Doing so obviously invalidates the session cookie. Unfortunately, this makes it impossible to obtain a new session: deleting the session cookie in my application does not work because sync gateway runs on another URL. Subsequent POST requests to _session return 401, even if the new credentials are included in the request body. I hoped that a DELETE request to the _session endpoint would help me, but this also results in 401 all the time (using credentials: "include").
Is there any way that I’m missing to get rid of the session cookie in order to obtain a new one?