While creating a login form to be embedded on our clients home pages I found that on the regular login page a hidden input field named _token is present. Does somebody know what it is for?
Thank's for any input!
I don't think this token value is necessary for the login. Roundcube adds this field to every form to cross check if the request is submitted by an authenticated session. I haven't checked it, but IMO there should be no cross check for the login action.