Hello, I have a similiar question as the one before. ;)
What should a server do when he receives an <auth/> after a successfull negotiation?
RFC 6120 6.4.2 only defines what happens when the authentication isn't completed but not what happens when the authentication was completed.
Maybe a <failure/> with <malformed-request/>. Or should the server proceed and throw away the authentication done before?
It's easy to fool clients into doing that, just announce <mechanisms/> in <features/> when the stream got restarted after successfull authentication. That itself isn't the correct thing to do, but happens. ;)
Regards, Alexander _______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
