Quoting tao.6.yang@nokia.com:
Hi Michael, My question is, how to know the exact CAPABILITY after a user logged in, he'd have been able to know the CAPABILITY he really has. Simply, what should be followed as the CAPABILITY after a user logged in?
Whatever is returned by the CAPABILITY command. I guess I am not
understanding your question.
When in an unauthenticated state, the server doesn't need to broadcast
the capabilities of commands/features that the client *can't* use yet.
i.e. knowing the server supports UIDPLUS at the authentication stage
is pointless. Same thing after authenticating - the client could care
less what authentication options are available after logged in.
RFC 3501 states that the list of capabilities can change after the
STARTTLS or AUTHENTICATE/LOGIN commands are successful. Thus, the
only way to ensure that you have the correct list of capabilities is
to re-issue the command after each of these events, although recent
IMAP servers (i.e. Dovecot 1.2) will automatically list capabilities
in the response codes after these events so that the client doesn't
need to send an explicit CAPABILITY command. I believe this behavior
is suggested in the Lemonade profile.
michael