FW: [dev] Single Sign-On

[Thomas Fichtenbauer]

Quoting Thomas Fichtenbauer <thomas.fichtenbauer@mamilade.at>:

> But your hint of simply letting the sessions expire will
> probably work, as long as no user settings or other data
> is stored in the session variables. To let the session
> expire will change the cookie and reset all variables.
> But this should be OK if all preferences are saved to the
> backend database.

Correct.

> It would save overhead for the Auth:getAuth() call, however
> I am not really happy with that. Is there a situation
> where the user may loose other data?

Long email messages being composed are the only real example, and there is
some code in HEAD to start working around that now.

> Chuck, I just saw that I writing to you directly, not to the
> list. Fine with me, but would you prefer to discuss that on
> the list?

Please keep discussion on the list. IMP has a "reply-to-list" feature; not
sure about other mailreaders.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"People ask me all the time what it will be like living without otters."
 - Google, thanks to Harpers