[RCD] Roundcube session management

Rosali myroundcube at mail4us.net
Fri May 23 16:19:09 CEST 2014


> I dont think anyone really wants to remove CSRF tokens from the login
> page. They have a use, no matter how small the risk. The protection is
> basically against people that dont have access to your login screen,
> but somehow manage to (make you) post to your login screen anyways.
> Thats enough reason to have sessions in the login screen, and Rosali
> should probably use a shell script to run those crontabs. Thats a much
> cleaner solution.
> 
>> * what if your mailserver has rate-controls
> 
> Well, stop clicking that forged link then :)
> 
> Cor
> 
http://trac.roundcube.net/ticket/1489912



More information about the dev mailing list