Youre hint with GET was the key, I changed autologon.php from _GET to _POST and it worked NEARLY. But the cookie problem still existed. For this I found a sniplet from a guy, who modified the autologon plugin to something called autologIN himself. he added to funktion startup:
// set initial cookie without this cookie login is not possible
$_COOKIE['roundcube_sessid'] = session_id();
I think, whatever method will be used, post or get, everybody who uses the autologon.php could have the cookie problem. This plugin is part of a stable release. So you guys should think about to add this line to the next stable release. For better understanding, here is, what I got now working:
login.php:<?php
echo '
<form name="roundcubelogin" action="https://mydomain.com/webmail/?_task=mail" method="post" target="roundcube">
<input type="hidden" name="_autologin" value="1" />
<input type="hidden" name="_user" value="xxx" />
<input type="hidden" name="_pass" value="yyy" />
</form>
<a href="#" onclick="document.forms.roundcubelogin.submit()">Webmail</a>
';
?>
autologon.php<?php
class autologon extends rcube_plugin
{
function init()
{
$this->add_hook('startup', array($this, 'startup'));
$this->add_hook('authenticate', array($this, 'authenticate'));
}
function startup($args)
{
$rcmail = rcmail::get_instance();
// change action to login
if ($args['task'] == 'mail' && empty($args['action']) && empty($_SESSION['user_id']) && !empty($_POST['_autologin']))
$args['action'] = 'login';
// set initial cookie without this cookie login is not possible
$_COOKIE['roundcube_sessid'] = session_id();
return $args;
}
function authenticate($args)
{
if (!empty($_POST['_autologin'])) {
$args['user'] = $_POST['_user'];
$args['pass'] = $_POST['_pass'];
if (!empty($_POST['_host']))
$args['host'] = $_POST['_host'];
}
return $args;
}
}