Hi guys,
I am creating a website where users login to my main site. To keep things secure, I am using SSL along with client side simple hashing of password + server side SHA512 bit hashing. Once users are logged in, I want to have a link for them to go directly to roundcubemail without logging in (same credentials). I have been reading up on the autologin plugin, but I'm not sure it fits my needs. Since the user's actual password is never stored anywhere (client or server side -> for security purposes) , how can I pass in their password hash and log them into roundcube? Is there some way for me to just tell roundcube that I verify the user and that they can be logged in? If not, is there any other solution that I could implement without sacrificing security? Thanks in advance for the help!