For those who don't want to store "basic username:password" as user cookie on
the browser, we decided to publish the apache module we use here to anonymize the session
cookie.
It refers to request nr 000698,
http://www.sogo.nu/bugs/view.php?id=698
The obfuscation/anonymization with user key is done by an apache module, it can
be found here:
http://southbrain.com/software/sogosession/
Be sure to read
http://southbrain.com/software/sogosession/NOTICE
before.
I just want to give a shout-out and say thanks. I just upgraded to 1.3.4
and compiled and installed the apache module and it works great. Easy to
setup. I've added a cron job to delete stale sessions after a timeout.
Better security and the timeout is great as users often close the
webmail tab (not browser) without logging off and before when that
happens someone could go to the webmail url and access their mail. Any
thoughts from the sogo team from including this in SOGo official?
Ben
--
users@sogo.nu
https://inverse.ca/sogo/lists