Is there a "proper" way for Roundcube plugins to be accessing/writing to session data? I was assuming that $_SESSION would be okay, but it seems that if you are putting data in $_SESSION before the authenticate hook it will be killed by $RCMAIL->kill_session(); on line 76 of index.php.

Having debugged it through xdebug, it seems as if the session data is being killed by rc.

Here is what I am seeing:

• library is called from plugin "startup" hook. This forces an unauth'd

session to redirect to url of login service to establish authentication credentials

• once auth'd it redirects back to the Roundcube url with

$_SESSION['phpCAS'] set

• again plugin "startup" hook is called, but $_SESSION['phpCAS'] exists

so session is authenticated so startup hook sets $startup['action'] = 'login'

• index.php evaluates ($RCMAIL->action=='login' &&

$RCMAIL->task=='mail') to true and executes $RCMAIL->kill_session(); on line 76 of index.php

• $_SESSION['phpCAS'] gets nuked

Is there a way of saving and restoring phpCAS so that when authenticate hook is called it will exist in $_SESSION?

List info: http://lists.roundcube.net/dev/