If you integrate this into SOGo (which would be great -- I do not like
the idea of even temp cookies having plaintext passwords), I have a
feature request: session timeout. If someone leaves a connection idle
for X minutes, session is no longer valid. If I understand how this
patch is working, it shouldn't be hard to have postgres store the most
recent access time and every X minutes remove stale sessions.
Ben
Am 25.10.10 21:47, schrieb Ludovic Marcotte:
Thanks for this. What's the license of your code? If appropriate, we
could integrate it directly in SOGo instead of relying on an Apache
module.
Consider it as public domain.
I am not used to Objective-C, so I tried to set it up as an apache
module. It is a workaround. And stil no direct password is stored on
the server, this is what I wanted.
--
users@sogo.nu
https://inverse.ca/sogo/lists