Hi, generally speaking: yes we do create a session and send back the cookie to the client and you can reuse it on follow up requests. In case you are not sending back the cookie to the owncloud server and only use basic auth in each request a new session will be created for each request.
I assume you are talking about CalDAV and CardDAV endpoints - right? Generally speaking the use of session in WebDAV is not advised/allowed as per specs/convention - we added cookie support for performance reasons with our own clients. We are reevaluating this as and might drop sessions/cookies fully in the future. Regards, Tom PS: Please consider https://central.owncloud.org next time when you have questions. THX September 11, 2018 12:19 AM, "John Bieling" <john.biel...@gmx.de (mailto:john.biel...@gmx.de?to=%22John%20Bieling%22%20<john.biel...@gmx.de>)> wrote: Hi, we are currently investigating the cookie management of lightning/thunderbird when two or more connections from the same endpoint to the same server but with different user authentications are used. Is owncloud actually generating individual "sessions" for each user or will all users be on the same session (which does not work of course)? We currently only have one cookie store per server/origin and are evaluating if it is worth to change that. If owncloud is not generating individual sessions, this would be useless of course. At the moment, the only way to have two or more connections to the same server but with different user authentications is by rejecting cookies. Is there any drawback from rejecting cookies besides more overhead on the servers auth module? Are there any security issues? Thanks for your help, John
_______________________________________________ Devel mailing list Devel@owncloud.org http://mailman.owncloud.org/mailman/listinfo/devel
