we are currently investigating the cookie management of lightning/thunderbird when two or more *Dav connections from the same endpoint to the same server but with different user authentications are used. Is owncloud actually generating and maintaining individual “sessions” for each user or will all users be on the same session (which does not work of course)?
We currently only have one cookie store per server/origin and are evaluating if it is worth to change that. If owncloud is not maintaining individual sessions, this would be useless of course.
At the moment, the only way to have two or more connections to the same server but with different user authentications is by rejecting cookies.
Is there any drawback from rejecting cookies besides more overhead on the servers auth module? Are there any security issues?
Thanks for your help,