> Oh, and last but not least, SSL support in core! :D
That was meant to be in the developer section. (Details: The default session.inc now handles two cookies (real voodoo) and there is a form API paramater (#https) and an url option (https) but that's it. No end user support was added because I felt it's very very site dependent on what must go to HTTPS and can stay on HTTP.)
