On Tue, Aug 23, 2011 at 12:50, Dominic Lüchinger <[email protected]> wrote: > Dear list members > > I wrote a custom login screen witch is grabbing the login cookies from > the RC login screen an this cookies are sent back to the client with a > redirect. > So far in RC 0.5.3 I had no problem in logging in with this method, > despite the introduction of the security tokens. > > In the current beta version 0.6 it seams that the cookies are changed on > every request during login. Is this correct?
Up until the login nothing changed so far. If login succeeds, Roundcube will generate a new session ID and cookie but this was already the case before 0.6. We now added a second cookie which is updated every few minutes to bring more security into active sessions. But this is only done and checked *after* login. > > I could narrow down my issue to the file > './program/include/rcube_session.php' (Line 575), but I don't completely > understand the code at this position. > > A advise would be nice. In order to give you more advice, please describe what you intend to do and at which point it fails. Regards, Thomas _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/8f4f07cd
