_session endpoint with username and password (and
credentials: "include"), which works fine. I encountered a problem though when the password of the user is changed. Doing so obviously invalidates the session cookie. Unfortunately, this makes it impossible to obtain a new session: deleting the session cookie in my application does not work because sync gateway runs on another URL. Subsequent POST requests to
_session return 401, even if the new credentials are included in the request body. I hoped that a DELETE request to the
_session endpoint would help me, but this also results in 401 all the time (using
Is there any way that I’m missing to get rid of the session cookie in order to obtain a new one?