Roundcube Community Forum

 

Hidden input field name _token

Started by synac, April 13, 2010, 03:10:21 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

synac

April 13, 2010, 03:10:21 PM
While creating a login form to be embedded on our clients home pages I found that on the regular login page a hidden input field named _token is present. Does somebody know what it is for?

Thank's for any input!

rosali

#1
April 13, 2010, 04:42:57 PM
I don't think this token value is necessary for the login. Roundcube adds this field to every form to cross check if the request is submitted by an authenticated session. I haven't checked it, but IMO there should be no cross check for the login action.
Regards,
Rosali
Print
Go Up Pages1
User actions