>> So your little bit would have to change the cookie content so that the browser is informed that this cookie is only >> to be sent over a secure connection? Only way I see to stop this behavior is for the cookie to be flagged. > <Directory "/usr/share/roundcube"> > php_admin_flag session.cookie_secure "1" > <Directory>
> > which is still explaind yesterday > http://php.net/manual/en/session.configuration.php#ini.session.cookie-secure Yes, I got that and now 'getting it'. Just nit-picking, you use "1" the manual says boolean with the default of off, so just two ways of representing boolean, numeric or label. In my way of thinking (hey, I am dyslexic) labels reduce confusion because there is only off and on (no maybes) while numeric raise a question of "2"...?