This is just a suggestion for future development.
We're currently using RoundCube from an environment outside of PHP (Python). It turns out that automatically logging someone in using the RoundCube session table & setting cookies is extremely picky. Having an errant space, for instance, can causes the entire authentication mechanisms to fail. Trying to replicate the exact process of a login is difficult, as it appears during the login process that the various authentication/checking functions are called numerous times.
It'd be nice in a future version to have an easy, secure way to log someone in from an outside system without faking a HTTP POST to the login form, e.g., an abbreviated version of a session in the database with a single cookie, that upon getting to the Roundcube URL, Roundcube then transforms it into a normal RC session.
Thanks for the great system!