Would it be possible to use that to auth other webapps over SOGo? Like some kind of "cheap" SSO?
On Thu, Nov 18, 2010 at 8:28 PM, Ben <bugrepor...@vescentphotonics.com> wrote: > >> For those who don't want to store "basic username:password" as user cookie >> on the browser, we decided to publish the apache module we use here to >> anonymize the session cookie. >> >> It refers to request nr 000698, >> http://www.sogo.nu/bugs/view.php?id=698 >> >> The obfuscation/anonymization with user key is done by an apache module, >> it can be found here: >> >> http://southbrain.com/software/sogosession/ >> >> Be sure to read >> >> http://southbrain.com/software/sogosession/NOTICE >> >> before. > > I just want to give a shout-out and say thanks. I just upgraded to 1.3.4 and > compiled and installed the apache module and it works great. Easy to setup. > I've added a cron job to delete stale sessions after a timeout. Better > security and the timeout is great as users often close the webmail tab (not > browser) without logging off and before when that happens someone could go > to the webmail url and access their mail. Any thoughts from the sogo team > from including this in SOGo official? > > Ben > > > > > > > > -- > users@sogo.nu > https://inverse.ca/sogo/lists > -- users@sogo.nu https://inverse.ca/sogo/lists