[OGo-Users] ogo session information handling

[Sebastian Reitenbach]

users@opengroupware.org wrote: 
> On 29.02.2008, at 14:43, Sebastian Reitenbach wrote:
> > I am wondering, how ogo keeps track of active sessions, does it save  
> > the
> > session id's like PHP on the filesystem somewhere?
> 
> Technically this is a pluggable mechanism (WOSessionStore), but for  
> practical reasons everything is kept in RAM.
> 
> > How are the differences between accessing ogo with and without cookies
> > enabled in the browser?
> 
> Don't know. You can put the SOPE session id into a cookie which allows  
> you to open links from a native mail client w/o relogin. But using  
> cookies for authentication tokens is vulnerable to XSS attacks, so its  
> better to turn that off and keep the sids in the URL.
> 
> I have some plans to introduce 'authentication tokens', but this may  
> not be what you want.
actually I am looking into a way to speed up my private ogo instance a bit, 
as I wanted to open it for the rest of family and some friends.
As I am running OpenBSD, I doubt that I get the snsd for it, and especially 
not for free ;) 
So I thought about ways how I can do sth. equivalent, just without the snsd.
As I am running OpenBSD anyways, I just got the idea, taking a look at the 
relayd, and it seems, it is exactly what I am looking for:
http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8&arch=i386&apropos=0&manpath=OpenBSD+Current

unfortunately it seems that I ran into this bug yesterday evening, that 
right now exists in relayd in OpenBSD -current. However, I'll go reinstall 
another box with a plain OpenBSD 4.2 today, and try the hoststated (the 
hoststated got renamed to relayd after the 4.2 release) there.

I'll let you know how that works out.

thanks
Sebastian