[RCD] Roundcube session management

Thomas Bruederli thomas at roundcube.net
Thu May 22 10:16:28 CEST 2014


On Thu, May 22, 2014 at 7:03 AM, Rosali <myroundcube at mail4us.net> wrote:
> Roundcube starts a session even if a user is not logged in. Is it really
> necessary? IMO, it isn't.

We use this to check whether the user's browser supports cookies. If
the login request doesn't come with a valid session cookie, we can
display a proper warning about disabled cookies. One can argue that
this isn't necessary but that's a reason for starting session.

But maybe we can move that check to the redirected page after login.

~Thomas


More information about the dev mailing list