I just upgraded my company's Roundcube installation from 0.5.3 to 0.7, and I have an interesting problem.
We have the force_https option set to true. In the past, if you went to the unencrypted address and tried to login, you would be redirected to the encrypted connection, and your login would succeed.
Now, if you go to the http address and try to login, you are not redirected to the encrypted connection, and you get an error stating that "Your session is invalid or expired" when you try to login.
Can anyone else confirm this error? It's not a show stopper, but it is a little annoying that the behavior is different. I'm sure to get complaints on Monday. *sigh*
Thanks,
Fred Bacon Aerodyne Research, Inc.