Supply session cookie in email link to prevent XSS warning


My users complain that is too hard to take a ticket before working it. I do not share this sentiment, but I am trying to address it.

I recently modified a template to include “Take,” “Reject,” and “Resolve” links in notification emails. Unfortunately my solution still has the same number of clicks (2) as clicking a link to the ticket and then clicking Take within the RT web UI. This is because the link from email generates a cross site request forgery notice.

Is there a way to include a link in an email template to an action and avoid the CSRF forgery notice?