OK, I got it working but I had to comment out part of the code in index.php:<br><br>/*-------------------------------------*<br>// try to log in<br>if ($_action=='login' &amp;&amp; $_task=='mail')<br>&nbsp; {<br>&nbsp; $host = $_POST['_host'] ? $_POST['_host'] : $CONFIG['default_host'];
<br>&nbsp; <br>&nbsp; // check if client supports cookies<br>&nbsp; if (empty($_COOKIE))<br>&nbsp;&nbsp;&nbsp; {<br>&nbsp;&nbsp;&nbsp; show_message(&quot;cookiesdisabled&quot;, 'warning');<br>&nbsp;&nbsp;&nbsp; }<br>&nbsp; else if (isset($kuser) &amp;&amp; isset($kpass) &amp;&amp; rcmail_login($kuser, $kpass, $host))
<br>&nbsp;&nbsp;&nbsp; {<br>&nbsp;&nbsp;&nbsp; // send redirect<br>&nbsp;&nbsp;&nbsp; header(&quot;Location: $COMM_PATH&quot;);<br>&nbsp;&nbsp;&nbsp; exit;<br>&nbsp;&nbsp;&nbsp; }<br>&nbsp; else<br>&nbsp;&nbsp;&nbsp; {<br>&nbsp;&nbsp;&nbsp; show_message(&quot;loginfailed&quot;, 'warning');<br>&nbsp;&nbsp;&nbsp; $_SESSION['user_id'] = '';<br>&nbsp;&nbsp;&nbsp; }
<br>&nbsp; }<br><br>// end session<br>else if ($_action=='logout' &amp;&amp; isset($_SESSION['user_id']))<br>&nbsp; {<br>&nbsp; show_message('loggedout');<br>&nbsp; rcmail_kill_session();<br>&nbsp; }<br><br>// check session cookie and auth string
<br>else if ($_action!='login' &amp;&amp; $sess_auth &amp;&amp; $_SESSION['user_id'])<br>&nbsp; {<br>&nbsp; if ($_auth !== $sess_auth || $_auth != rcmail_auth_hash($_SESSION['client_id'], $_SESSION['auth_time']) ||<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ($CONFIG['session_lifetime'] &amp;&amp; isset($SESS_CHANGED) &amp;&amp; $SESS_CHANGED + $CONFIG['session_lifetime']*60 &lt; mktime()))
<br>&nbsp;&nbsp;&nbsp; {<br>&nbsp;&nbsp;&nbsp; $message = show_message('sessionerror', 'error');<br>&nbsp;&nbsp;&nbsp; rcmail_kill_session();<br>&nbsp;&nbsp;&nbsp; }<br>&nbsp; }<br><br>/*-------------------------------------*/<br><br>