diff -Nru index.php index.php
--- index.php	2011-06-02 14:36:57.000000000 +0100
+++ index.php	2011-06-08 15:04:32.724026787 +0100
@@ -78,7 +78,9 @@
   $request_valid = $_SESSION['temp'] && $RCMAIL->check_request(RCUBE_INPUT_POST, 'login');
 
   // purge the session in case of new login when a session already exists 
-  $RCMAIL->kill_session();
+  // but keep it if told so. Some authenticate hooks may use redirections (ex. SSO systems)
+  // and multiple passes and may need to keep the session to complete authentication 
+  $_SESSION['keep_session'] || $RCMAIL->kill_session();
 
   $auth = $RCMAIL->plugins->exec_hook('authenticate', array(
     'host' => $RCMAIL->autoselect_host(),