Ticket Change Details
Overview

Artifact ID: d87254dab760276a21dbfde77b3e63a94042f495
Ticket: 573727d6d93badc681bd957a8e0945b3d053d487
Default disallow local local users
User & Date: anonymous 2011-02-21 22:38:38
Changes

  1. comment changed to:
    When using nginx to proxy back to a fossil repo, it's easy to either uncheck once in production or leave unchecked to start. Not unsolvable, but it would be ideal to have "Require password for local access" checked by default or removed altogether in favor of the following behavior.
    
    I understand that option is there to facilitate local logins via "fs ui" but it seems like a better alternative would be to make "fs ui" perform the following:
    
    <ol>
    <li>User calls <code>fs ui</code> from the command line</li>
    <li><code>fs ui</code> injects a valid one-time use token into the sessions table</li>
    <li><code>fs ui</code> then calls web-browser with something like <code>http://127.0.0.1:8080/my_repo/auto-login?token=abcdef0123456789abcdef0123456789</code> which issues the user a login cookie and removes the one-time use token from the database</li>
    </ol>
    
    This step would go a long way towards a "secure by default" policy for Fossil.
    
  2. private_contact changed to: "84f59114b7eee7088fd7e2932599c69c9ad0761b"
  3. severity changed to: "Important"
  4. status changed to: "Open"
  5. title changed to: "Default disallow local local users"
  6. type changed to: "Feature_Request"
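The one-time-token auto-login flow the comment proposes, worked through as an added example. This is not code from the ticket or from Fossil itself; the `sessions` table layout, the function names, the 60-second lifetime and the in-memory SQLite database are all assumptions made here for illustration. The two properties the proposal depends on are shown explicitly: the token is consumed by a single `DELETE` whose row count decides whether the redeem succeeds (so a replayed URL fails), and the login cookie minted afterwards is a fresh random value rather than the token that appeared in the URL.

```python
import secrets
import sqlite3
import time
import urllib.parse

# Assumed lifetime for an unredeemed token. A token that is never opened in the
# browser should not stay valid indefinitely.
TOKEN_TTL_SECONDS = 60


def open_db():
    """Create the hypothetical sessions table (in-memory, for the example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sessions ("
        " token TEXT PRIMARY KEY,"
        " user TEXT NOT NULL,"
        " expires REAL NOT NULL)"
    )
    return conn


def issue_token(conn, user, now=None):
    """Client side of 'fs ui': mint a one-time token and record it with an expiry."""
    now = time.time() if now is None else now
    # 128 bits from the OS CSPRNG; 32 hex digits, the same shape as the ticket's example.
    token = secrets.token_hex(16)
    with conn:
        conn.execute(
            "INSERT INTO sessions (token, user, expires) VALUES (?, ?, ?)",
            (token, user, now + TOKEN_TTL_SECONDS),
        )
    return token


def redeem_token(conn, token, now=None):
    """Consume a token. Returns the user it was issued to, or None.

    The row is always deleted, whether or not the token is still valid, so an
    expired token cannot linger and a second redeem of the same token fails.
    Single use is guaranteed by the DELETE row count, not by the earlier SELECT:
    two concurrent redeems may both read the row, but only one DELETE removes it.
    """
    now = time.time() if now is None else now
    with conn:
        row = conn.execute(
            "SELECT user, expires FROM sessions WHERE token = ?", (token,)
        ).fetchone()
        deleted = conn.execute(
            "DELETE FROM sessions WHERE token = ?", (token,)
        ).rowcount
    if row is None or deleted != 1:
        return None
    user, expires = row
    if expires <= now:
        return None
    return user


def build_auto_login_url(base_url, token):
    """Build the URL 'fs ui' would hand to the browser (path name is assumed)."""
    return base_url.rstrip("/") + "/auto-login?" + urllib.parse.urlencode({"token": token})


def handle_auto_login(conn, url, now=None):
    """Server side of /auto-login: redeem the token and mint a login cookie.

    Returns (user, cookie_value) on success, None otherwise.
    """
    query = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    tokens = query.get("token", [])
    if len(tokens) != 1:
        return None
    user = redeem_token(conn, tokens[0], now)
    if user is None:
        return None
    # The session cookie is a separate random value; the one-time token that was
    # visible in the URL (browser history, proxy logs) is never reused as a credential.
    cookie_value = secrets.token_hex(16)
    return user, cookie_value


if __name__ == "__main__":
    db = open_db()
    t = issue_token(db, "alice")
    login_url = build_auto_login_url("http://127.0.0.1:8080/my_repo", t)
    print("first visit :", handle_auto_login(db, login_url))
    print("replayed URL:", handle_auto_login(db, login_url))
```

Because the server must still bind to 127.0.0.1 for this to replace the "local access" exemption, the point of the flow is that nothing about the request origin is trusted: a proxied request with no token, or with a token that has already been used or has expired, gets the same `None` as any other unauthenticated visitor.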