Implement sessions #6
Description
Like sudo, after authenticating the password shouldn't be required for a while.
- Sessions should be indexed by the user's SID and session - if
LOCALDOMAIN\aliceis authenticated in the physical machine session, this should not automatically grant access to her login via remote desktop or ssh (or should it?). - Sessions should expire when the machine sleeps.
- The client should check for an active session before prompting for credentials.