Our Xauthority file is current located in /var/opt/thinlinc/sessions/<user>/, which does not seem to be a standard location for Xauthority to be located.
On both Ubuntu and Fedora, Xauthority is located in $XDG_RUNTIME_DIR, which equals to directory /run/user/<uid>/ on those dists. As a consequence, display managers like GDM and Mutter place their Xauthority files in /run/user/<uid>/.
Through bug 7788, we found out that snap applications do not open in ThinLinc out of box, since snap only seem to look for the Xauthority file in a limited number of locations . Since we do not conform to the norm here, there might be other future programs that have the same issue as snap.
Note that bug 7788 added a (somewhat temporary) solution to the snap issue by setting SI:localuser:<username> when starting the ThinLinc session. This bug instead aims to solve the issue in a more futureproof way, by placing our files in a more expected location.
Some things to take into consideration when doing this bug:
1) More examples for $XDG_RUNTIME_DIR and Xauthority locations should be considered. A starting point could be looking at different dists and desktop environments to see if there is any common standard location for these.
2) Not everything in /var/opt/thinlinc/sessions/<user>/ should necessarily be moved, if the files do not fit in the new location.
E.g., if /run/user/<uid>/ turns out to be an alternative, directory /run/ in itself has some best practices to be followed. One example is that the files in /run/ should be relatively small, meaning that xinit.log should not be placed in that directory.