Hi, I've seen this issue come up a couple of times. A CouchApp behind a vhost+_rewrite wants to access certain server-level resources like _session, but cannot because insecure rewrites are disabled. Would there be a problem with providing some of these resources at the DB level as well as the server level? _session and _uuids both seem safe and useful.
Adam
