What about security token, can we have it without session?

No.

But you don't need a token nor a session if (PHP_SAPI == 'cli'):

        if (PHP_SAPI != 'cli') {
            // session code
        }

I think that's not the point, because sessions are not started in CLI mode. See rcube.php, session_init:

        // start PHP session (if not in CLI mode)
        if ($_SERVER['REMOTE_ADDR']) {
            $this->session->start();
        }

Not all crons run in CLI mode. You can't run in CLI mode if you want to give users the ability to use external cronjob services unless you use a script which is called by the external service by HTTP to start a shell script.

If the session start is necessary for CSRF prevention, then please think about the suggested GET param (_nosess=1).



_______________________________________________
Roundcube Development discussion mailing list
dev@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
