I started a session using the sync gateway admin port and received the following response:
HTTP/1.1 200 OK
Server: Couchbase Sync Gateway/1.1.0
Date: Tue, 21 Jul 2015 04:06:13 GMT
Now that I have a session, I want to get a document. So I follow this up with:
curl -i -X GET \
-H "Content-Type:application/json" \
-H "Cookie:SyncGatewaySession=04eed361dbe9461f9c6f341af25685a30debaf8c" \
And I get 403 forbidden…
What’s the proper way to share my session id in subsequent requests?
Guest is disabled.
The curl looks correct to me. Are you sure your user has access to doc1? You’ll get a 403 if they don’t have access to the document - if they weren’t authenticating properly, you would be getting a 401 unauthorized.
Oh ok. So i need to look at the channel settings?
If the user created doc1, does he automatically have access to reading it? Does he automatically have overwrite (put) access as well?
The user will only be able to read doc1 if it is mapped to a channel the user has access to.
Write access is controlled via the sync function using one or more of the require() functions e.g. requireUser().
If you don’t apply any restrictions in the sync function then anyone will be able to update any document if they know the document name.