Hidden input field name _token

[synac]

While creating a login form to be embedded on our clients home pages I found that on the regular login page a hidden input field named _token is present. Does somebody know what it is for?

Thank's for any input!

[rosali]

I don't think this token value is necessary for the login. Roundcube adds this field to every form to cross check if the request is submitted by an authenticated session. I haven't checked it, but IMO there should be no cross check for the login action.