I started a session using the sync gateway admin port and received the following response:
HTTP/1.1 200 OK
Content-Length: 135
Content-Type: application/json
Server: Couchbase Sync Gateway/1.1.0
Date: Tue, 21 Jul 2015 04:06:13 GMT
{"session_id":"04eed361dbe9461f9c6f341af25685a30debaf8c","expires":"2015-07-22T04:06:13.232131449Z","cookie_name":"SyncGatewaySession"}
Now that I have a session, I want to get a document. So I follow this up with:
curl -i -X GET \
-H "Content-Type:application/json" \
-H "Cookie:SyncGatewaySession=04eed361dbe9461f9c6f341af25685a30debaf8c" \
'http://104.154.90.14:4984/{db}/doc1'
And I get 403 forbidden…
What’s the proper way to share my session id in subsequent requests?
Guest is disabled.
Kind regards,
adamf
July 21, 2015, 5:14am
2
The curl looks correct to me. Are you sure your user has access to doc1? You’ll get a 403 if they don’t have access to the document - if they weren’t authenticating properly, you would be getting a 401 unauthorized.
1 Like
Oh ok. So i need to look at the channel settings?
If the user created doc1, does he automatically have access to reading it? Does he automatically have overwrite (put) access as well?
Kind regards,
andy
July 21, 2015, 2:38pm
4
@dbergan
The user will only be able to read doc1 if it is mapped to a channel the user has access to.
Write access is controlled via the sync function using one or more of the require() functions e.g. requireUser().
If you don’t apply any restrictions in the sync function then anyone will be able to update any document if they know the document name.
Andy
1 Like