Tbanks; this looks good. But we should really be using gnome-keyring for storing the cookie, not gconf. That way it's much less likely that it'll 'leak'. I think we can get away with enabling this behaviour by default then. We should probably make some attempt to remember the lifetime of the cookie too, so we don't try to use it when we *know* it's already timed out. > I'm stuck on this step: if it fails on cookie, jump to ask > username/password inputs from user. It always tries to use cookie. Yeah, I suspect it's best to try to validate the cookie directly, rather than passing it to openconnect and praying. We can implement a 'test-cookie' option in (lib)openconnect, which can either try a CONNECT request, or hopefully there's a way to use the cookie with an HTTP GET request that'll tell us if it's working too. Not sure about sending SIGKILL immediately -- that may upset the people who had the issues which made me implement the BYE packet in the first place. Perhaps we need an option to avoid the BYE on disconnect (which would be nice in other situations too). -- dwmw2