On Wed, Mar 5, 2008 at 4:34 PM, scar <[EMAIL PROTECTED]> wrote: > ... > there was no bug in the add-on; i saw the change to the cookie take > place. it is a problem with the website/webmaster.
the modification (secure only = true) must be made with every updated expiration / set cookie received, otherwise a session refresh / save will save without the secure only option enforced. it might be easiest to extend the existing modify headers extension to alter incoming cookie parameters... (and if you find out, document in the wiki :)
