Roundcube Community Forum
News and Announcements => General Discussion => Topic started by: abatie on September 10, 2018, 02:46:15 PM
-
I'm trying to build a script to handle indirect auto-login to Roundcube (i.e. a non-roundcube login page to handle some business logic); tshark shows sending the right request and cookies, but roundcube reports "session invalid or expired". The only thing I can think of is that the session id is tied to an ip address? Are there any other restrictions or associations with a session id that could be causing this? Thanks...
-
Roundcube has some protections regarding the login, look at the autologon plugin that comes with Roundcube that includes the changes to bypass those checks.
-
If the solution requires, modifying Roundcube, we're out of luck. While what we're trying to do is legitimate, it's indistinguishable from a man-in-the-middle attack. It sounds like we'll have to do a full proxy then...
-
I wouldn't call a plugin modify Roundcube but if you don't have any access to make any changes you wont be able to remotely login.