https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25360 --- Comment #1 from David Cook <dcook@prosentient.com.au> --- I'm debating with myself how best to implement it. On one hand, requiring a cookie to be sent over HTTPS could make legitimate automated testing harder/impossible, and not everyone necessarily has access to HTTPS (although the latter is less common all the time). Here's some thoughts: 1) Use a system preference to force it 2) Try reading $type and relevant *BaseURL system preference to determine whether a HTTP or HTTPS URL is defined (since we can't reliably determine HTTP vs HTTPS for proxied connections unless we used a header like X-Forwarded-Proto) That's about it for ideas right now. But open to other people's ideas. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.