Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email
?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Home
Help
Search
Login
Register
Roundcube Community Forum
»
News and Announcements
»
General Discussion
»
Session management
« previous
next »
Print
Pages: [
1
]
Author
Topic: Session management (Read 2414 times)
abatie
Newbie
Posts: 2
Session management
«
on:
September 10, 2018, 02:46:15 PM »
I'm trying to build a script to handle indirect auto-login to Roundcube (i.e. a non-roundcube login page to handle some business logic); tshark shows sending the right request and cookies, but roundcube reports "session invalid or expired". The only thing I can think of is that the session id is tied to an ip address? Are there any other restrictions or associations with a session id that could be causing this? Thanks...
Logged
SKaero
Administrator
Hero Member
Posts: 5,882
Re: Session management
«
Reply #1 on:
September 10, 2018, 11:26:09 PM »
Roundcube has some protections regarding the login, look at the autologon plugin that comes with Roundcube that includes the changes to bypass those checks.
Logged
SK
aero
abatie
Newbie
Posts: 2
Re: Session management
«
Reply #2 on:
September 11, 2018, 01:56:38 PM »
If the solution requires, modifying Roundcube, we're out of luck. While what we're trying to do is legitimate, it's indistinguishable from a man-in-the-middle attack. It sounds like we'll have to do a full proxy then...
Logged
SKaero
Administrator
Hero Member
Posts: 5,882
Re: Session management
«
Reply #3 on:
September 11, 2018, 02:11:24 PM »
I wouldn't call a plugin modify Roundcube but if you don't have any access to make any changes you wont be able to remotely login.
Logged
SK
aero
Print
Pages: [
1
]
« previous
next »
Roundcube Community Forum
»
News and Announcements
»
General Discussion
»
Session management