You have an Invision Power Board forum, don't you? You also have SSL enabled on the whole board don't you?
I've just tested it with my mate on my own project, I am also using IPB, unfortunately IPB did not enable auto-security or setting new cookies.
That means, that when a new session cookie is created, it will be sent through HTTP instead of HTTPS if it's transmitted in HTTP, but there is a very easy fix for this.
admin/sources/base/core.php
Find:
Code:
@setcookie( $_name, $value, $expires, $_path, $_domain, NULL, TRUE );
Change with:
Code:
@setcookie( $_name, $value, $expires, $_path, $_domain, TRUE, TRUE );
Or if it's a clean IPB installation (3.x) this is the line:
PHP DOCUMENTATIONS:
Code:
bool setcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )
PHP: setcookie - Manual
However, if you don't want to make these simple modifications to your IPB copy, you can simply do the following thing:
PHP.INI config file
Add OR Change to:
Code:
session.cookie_httponly = On
session.cookie_secure = On