I dont think anyone really wants to remove CSRF tokens from the login
page. They have a use, no matter how small the risk. The protection is
basically against people that dont have access to your login screen,
but somehow manage to (make you) post to your login screen anyways.
Thats enough reason to have sessions in the login screen, and Rosali
should probably use a shell script to run those crontabs. Thats a much
cleaner solution.
* what if your mailserver has rate-controls
Well, stop clicking that forged link then :)
Cor
http://trac.roundcube.net/ticket/1489912
_______________________________________________
Roundcube Development discussion mailing list
dev@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
