On 10-12-28 3:42 PM, Jan-Frode Myklebust wrote:
Couldn't this also be the same string as is stored server side for the
secured session cookie, and xor'ed when checking validity ?
Yes but that wouldn't work with other authenticators - like the proxy
one (for WebAuth or Apache authentication) or the DAV one (for all DAV
clients, like Thunderbird, Apple iCal / iPhone, etc.).
--
Ludovic Marcotte
[email protected] :: +1.514.755.3630 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
--
[email protected]
https://inverse.ca/sogo/lists
