Invalid request: default login page not working

[HLFH]

$request_valid is returned false but username and password are correct. In index.php:

$request_valid = !empty($_SESSION['temp']) && $RCMAIL->check_request();

The check_request() public function from https://github.com/roundcube/roundcubemail/blob/release-1.6/program/lib/Roundcube/rcube.php seems faulty.

The login of this page https://mail.example.com does not work (it raises an invalid request error) but this page https://mail.example.com/?_task=login works. When https://mail.example.com sign in does not work, it redirects to https://mail.example.com/?_task=login that works (but where I have to login again). It seems weird.

Version: 1.6.6

EDIT: it seems this code is raised:

        if (empty($_COOKIE[ini_get('session.name')]) || $token !== $sess_tok) {
            $this->request_status = self::REQUEST_ERROR_TOKEN;
            return false;
        }

The cookie is empty and $token differs from $sess_tok.

[HLFH]

May be related to: https://github.com/roundcube/roundcubemail/issues/8194

Some of the response headers: Date: Wed, 24 Apr 2024 07:39:58 GMT Expires: Wed, 24 Apr 2024 06:31:18 GMT Last-Modified: Wed, 24 Apr 2024 06:31:18 GMT

I added:

        expires off;
        add_header Cache-Control "no-cache, private, must-revalidate";

Within location ~ .php$ { section of the Roundcube nginx configuration.

[alecpl]

No one has such issues, so I suppose something's wrong with your Roundcube setup. Try to get help on mailing list or forum.