diff -rupN zarafa-webapp-1.3-40290/usr/share/zarafa-webapp/index.php zarafa-webapp-1.3-40290.patched/usr/share/zarafa-webapp/index.php
--- zarafa-webapp-1.3-40290/usr/share/zarafa-webapp/index.php	2013-01-21 13:39:43.000000000 +0100
+++ zarafa-webapp-1.3-40290.patched/usr/share/zarafa-webapp/index.php	2013-01-23 09:53:02.828723573 +0100
@@ -96,7 +96,7 @@
 		// and request the logon page.
 		header('Location: index.php' . $actionURI, true, 303);
 		exit;
-	} else if ($logon) {
+	} else if ($logon || !isset($_SESSION['username'])) {
 		// The user requested to logon. Check if credentials were provided
 		// or if the a remote user login is possible.
 		$username = ($_POST && array_key_exists('username', $_POST)) ? $_POST['username'] : '';
@@ -117,12 +117,12 @@
 
 		if (!DISABLE_REMOTE_USER_LOGIN){
 			// REMOTE_USER is set when apache has authenticated the user
-			if (!$_POST && $_SERVER && array_key_exists('REMOTE_USER', $_SERVER)) {
-				$_SESSION['username'] = $_SERVER['REMOTE_USER'];
+			if (!$_POST && $_SERVER && array_key_exists('PHP_AUTH_USER', $_SERVER)) {
+				$_SESSION['username'] = $_SERVER['PHP_AUTH_USER'];
 				if (LOGINNAME_STRIP_DOMAIN) {
 					$_SESSION['username'] = ereg_replace('@.*', '', $_SESSION['username']);
 				}
-				$_SESSION["password"] = '';
+				$_SESSION["password"] = $_SERVER['PHP_AUTH_PW'];
 			}
 		}
 	}