On Thu, May 22, 2014 at 7:03 AM, Rosali <[email protected]> wrote: > Roundcube starts a session even if a user is not logged in. Is it really > necessary? IMO, it isn't.
We use this to check whether the user's browser supports cookies. If the login request doesn't come with a valid session cookie, we can display a proper warning about disabled cookies. One can argue that this isn't necessary but that's a reason for starting session. But maybe we can move that check to the redirected page after login. ~Thomas _______________________________________________ Roundcube Development discussion mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/dev
