Ok, I saw that things were a little more complicated. I realised that a identity is automatically added after first login. I've now used a "quick and dirty" method to force users to check their identities. Am setting a session after the user has entered the identities screen, and I use the following to redirect the user if the session has not been set (./index.php):
// log in to imap server
if (!empty($_SESSION['user_id']) && $_task=='mail') {
$id_updated = isset($_SESSION['id_updated']) ? $_SESSION['id_updated'] : 0;
if ( empty($id_updated) ) {
header( "Location: ./?_task=settings&_action=identities" );
exit;
} else {
$conn = $IMAP->connect($_SESSION['imap_host'], $_SESSION['username'], decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']);
if (!$conn) {
show_message('imaperror', 'error');
$_SESSION['user_id'] = '';
} else {
rcmail_set_imap_prop();
}
}
}