Hello Gary,

> The one thing that I'm trying to do (which may exacerbate the problem
> is):
>
>     * 'clog' as user X
>     * perform a number of operations on files/directories, owned by X
>     * 'cunlog'

as Greg pointed out it is going to create problems if you cannot guarantee
strong connection. Let you use different local uids for different Coda
ones.

But the problem should be taken into consideration even for plain user
logins/logouts.

I think Jan was talking once about a possibility of a "lazy" cunlog that
would destroy tokens after the files having been reintegrated.

For the time being I would suggest not using cunlog at logouts - you open
your coda files to root for several extra hours (if the machine becomes
compromized between the logout and token expiration), but make it a lot
safer for the cached changes to find their way to the servers.

(Essentially, it would be not hard to let a cron job to clean credentials
that do not have associated processes, nor CML entries.)

Regards,
--
Ivan