
Improved System User Authentication: ArangoDB Security Upgrade

ArangoDB can easily be configured to require HTTP authentication for access to the web admin frontend or the REST API. But while Basic Auth works fine for APIs, the user experience in the web admin frontend was decidedly sub-par: browsers would often persist the authentication credentials indefinitely, logging out was made difficult or impossible and switching users was hit-or-miss.

The upcoming ArangoDB 2.6 release introduces cookie-based authentication for the web admin frontend, allowing you to side-step the issue altogether by using the built-in session manager instead of the low-level HTTP API authentication. When you start the ArangoDB process with the server.disable-authentication option set to false and open the web admin frontend in the browser, instead of being prompted for a username and password by the browser, you will now see a web-based login screen:

[Screenshot: the web-based login screen]

Once you’ve logged in by entering your credentials, you can now log out using the user menu in the top right of the screen:

[Screenshot: the logout entry in the user menu]

If you have administrative Foxx apps and want to use the same sessions used by the web admin frontend in your own apps, you can also use the built-in session storage app mounted at /_system/sessions directly. Sessions created by the web admin frontend will be visible to your Foxx apps and vice versa.
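The login screen only appears when authentication is actually enforced, so it is worth checking the setting before relying on it. The following is an added example, not code from the original post or from ArangoDB: it assumes the server.disable-authentication option is set in an INI-style configuration file as disable-authentication under a [server] section, and the function name and sample configs are hypothetical.

```python
import configparser

# Constructed sample configs (not from the article). The [server] section
# layout is an assumption mirroring the server.disable-authentication option.
WEAK_CONF = """
[server]
endpoint = tcp://0.0.0.0:8529
disable-authentication = true
"""

HARDENED_CONF = """
[server]
endpoint = tcp://127.0.0.1:8529
disable-authentication = false
"""

UNSET_CONF = """
[server]
endpoint = tcp://127.0.0.1:8529
"""


def audit_authentication(conf_text):
    """Return (status, detail) for the disable-authentication setting.

    status is one of "enforced", "disabled", "unset" or "invalid".
    """
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(conf_text)
    if not parser.has_option("server", "disable-authentication"):
        # No explicit value: the effective setting depends on the server
        # default or a command-line override, so flag it for manual review.
        return ("unset", "no explicit value; verify the effective setting")
    raw = parser.get("server", "disable-authentication").strip().lower()
    # The boolean spellings accepted here are an assumption of this example.
    if raw in ("false", "no", "off", "0"):
        return ("enforced", "credentials required; login screen expected")
    if raw in ("true", "yes", "on", "1"):
        return ("disabled", "requests are accepted without credentials")
    return ("invalid", "unrecognised value: " + raw)


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF),
                       ("unset", UNSET_CONF)):
        print(name, audit_authentication(conf))
```

A result of "unset" is reported separately rather than treated as safe, because the file alone does not show what the running process was started with.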


Alan Plum

Alan is an experienced web developer who feels equally at home in the backend and frontend. At ArangoDB he works on everything regarding JavaScript, with a special focus on Foxx.
