* Don't generate token for /?js
* Update notification doc
* securize SOAP session creation by cipher
* Verify securedCookie=3 (strange)
* Test ForceAuth
* Calendar in notifications explorer
* Test for Zero
* "mail" in UserDB/*
* verify activeTimer on/off on screen
* Add test for #173

# Combination

* detect changes
* diff()

# Password

* Enable it during auth