On Fri, Oct 10, 2014 at 12:35 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Fri, 2014-10-10 at 11:39 +0200, Nikos Mavrogiannopoulos wrote:
>> Hello,
>> It seems that openconnect_clear_cookie() only clears the cookie used
>> for authentication. Shouldn't that also clear any other cookies sent
>> by the server, i.e., call clear_cookies() as well? Otherwise there is
>> no other way to clear the server's state and retry.
>>
>> My use case is a server (ocserv) on which I tried a password which is
>> no longer valid. In order to retry a user-provided password I need to
>> clear all server's state (e.g., cookies), and there is no way to do
>> that as I see. Would it make sense to extend
>> openconnect_clear_cookie() for that?
> Hm, isn't openconnect_clear_cookie() just one of those semi-pointless
> security things to avoid leaving the cookie around in memory after we're
> done?
> I think what you actually want is openconnect_reset_ssl(), which has
> been used for 'reset everything to base state' by the NetworkManager
> auth-dialog since the beginning.

It doesn't clear the cookies though :(