[RCD] Roundcube session management

Reindl Harald h.reindl at thelounge.net
Thu May 22 12:10:17 CEST 2014


Am 22.05.2014 10:41, schrieb Rosali:
> Not all crons run in CLI mode. You can't run in CLI mode if you want to give users the ability to use external
> cronjob services unless you use a script which is called by the external service by HTTP to start a shell script.

which completly defeats the idea of CSRF

> If the session start is necessary for CSFR prevention then please think about the suggested GET param (_nosess=1)



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.roundcube.net/pipermail/dev/attachments/20140522/8a00c48c/attachment.sig>


More information about the dev mailing list