22 May
2014
22 May
'14
8:16 a.m.
On Thu, May 22, 2014 at 7:03 AM, Rosali myroundcube@mail4us.net wrote:
Roundcube starts a session even if a user is not logged in. Is it really necessary? IMO, it isn't.
We use this to check whether the user's browser supports cookies. If the login request doesn't come with a valid session cookie, we can display a proper warning about disabled cookies. One can argue that this isn't necessary but that's a reason for starting session.
But maybe we can move that check to the redirected page after login.
~Thomas