Autologin should be built in

[timtraver]

Hi all,

ok, I've used the autologin plugin to be able to post logins to the roundcube client from a control panel for my email users.

I have gotten it to work without much of a problem, but I've run in to an issue where the roundcube sessions are so sticky, that if you don't "Log out" of the client before you try and do a new autologin, it simply will resume the older session.

I've tried to modify some of the autologin code to delete the session cookies and continue on with the new login, but to no avail.

So, I need some help in killing the old session while logging in with a new user. Of course, it occurred to me (and some others that I have read in this forum), that this kind of functionality should be built in to the roundcube base, as it is a very basic and heavily used function...

Anyone agree? or is there anyone that can help me with what I am trying to accomplish?

Thanks,

Tim

[JohnDoh]

i've never used the autologin plugin so i'm not certain but i'm sure it can be modified to  kick any existing sessions out when its run. try this:

1) change the task from

Code: [Select]

public $task = 'login';to

Code: [Select]

public $task = 'login|mail';
2) add code to kill existing sessions before

Code: [Select]

// change action to login
if (empty($_SESSION['user_id']) && !empty($_GET['_autologin']) && $this->is_localhost())
  $args['action'] = 'login';add

Code: [Select]

// purge the session in case of new login when a session already exists
if (!empty($_SESSION['user_id']) && !empty($_GET['_autologin']))
  $rcmail->kill_session();

So, I need some help in killing the old session while logging in with a new user. Of course, it occurred to me (and some others that I have read in this forum), that this kind of functionality should be built in to the roundcube base, as it is a very basic and heavily used function...

I disagree, different people will have different applications which they want to integrate Roundcube into and therefore need to perform different actions in order to do that, there is no way that so much variation can be accounted for in the core. The plugin API allows everyone to create their own auto login which will work exactly as they want. I think it is the simplest and most flexible approach.

I think it’s like the change password function, there is no way that can be built into the core because everyone will have different backend setups, the password plugin with the drivers system allows everyone to create a function that will work on their setup.

[timtraver]

Thanks! that did it...I think it was just putting the rcmail->kill_session in the right place.

That brings up another question about multiple logins, but I will address that in a new thread.

Yeah, I see your point about a custom login, although I do think that a generic enough autologin could be made that would be easier to use, and be included in the default plugins that are in the tarball...

I appreciate the help with this one though!

Tim