OK, I got it working but I had to comment out part of the code in index.php:

/*-------------------------------------*
// try to log in
if ($_action=='login' && $_task=='mail')
  {
  $host = $_POST['_host'] ? $_POST['_host'] : $CONFIG['default_host'];
 
  // check if client supports cookies
  if (empty($_COOKIE))
    {
    show_message("cookiesdisabled", 'warning');
    }
  else if (isset($kuser) && isset($kpass) && rcmail_login($kuser, $kpass, $host))
    {
    // send redirect
    header("Location: $COMM_PATH");
    exit;
    }
  else
    {
    show_message("loginfailed", 'warning');
    $_SESSION['user_id'] = '';
    }
  }

// end session
else if ($_action=='logout' && isset($_SESSION['user_id']))
  {
  show_message('loggedout');
  rcmail_kill_session();
  }

// check session cookie and auth string
else if ($_action!='login' && $sess_auth && $_SESSION['user_id'])
  {
  if ($_auth !== $sess_auth || $_auth != rcmail_auth_hash($_SESSION['client_id'], $_SESSION['auth_time']) ||
      ($CONFIG['session_lifetime'] && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < mktime()))
    {
    $message = show_message('sessionerror', 'error');
    rcmail_kill_session();
    }
  }

/*-------------------------------------*/