http://localhost:8080/trac/ticket/520 <p> There is this warning displaying at <a class="ext-link" href="https://www.transitionnetwork.org/admin/reports/status"><span class="icon">​</span>https://www.transitionnetwork.org/admin/reports/status</a> </p> <pre class="wiki">Settings.php is not setup correctly. With the current configuration of 443 Session module, the following lines must be in settings.php. if (!empty($_SERVER['HTTPS']) &amp;&amp; $_SERVER['HTTPS'] != 'off') { ini_set('session.cookie_secure', 1); } </pre><p> Based on the check of what is happening with cookies done on <a class="closed ticket" href="http://localhost:8080/trac/ticket/371#comment:34" title="maintenance: Piwik Hosting (closed: fixed)">ticket:371#comment:34</a> and <a class="closed ticket" href="http://localhost:8080/trac/ticket/371#comment:36" title="maintenance: Piwik Hosting (closed: fixed)">ticket:371#comment:36</a> things are currently working OK, session cookies do have the secure flag set, so I'm a bit confused by this warning message. I also think that the PHP suggested to add to settings.php looks perfectly sensible and should be included, I'm sure we did have it on the old server, however there are 33 settings.php files on <a class="wiki" href="http://localhost:8080/trac/wiki/PuffinServer">wiki:PuffinServer</a> and I'm not clear which one the live site uses. </p> en-us /trac/chrome/site/TransitionNetwork-Logo-Web-Small.jpg http://localhost:8080/trac/ticket/520 Trac 0.12.5 chris Fri, 15 Mar 2013 23:16:49 GMT http://localhost:8080/trac/ticket/520#comment:1 http://localhost:8080/trac/ticket/520#comment:1 <ul> <li><strong>hours</strong> changed from <em>0.0</em> to <em>0.1</em> </li> <li><strong>totalhours</strong> changed from <em>0.0</em> to <em>0.1</em> </li> </ul> Ticket jim Sat, 16 Mar 2013 11:52:21 GMT http://localhost:8080/trac/ticket/520#comment:2 http://localhost:8080/trac/ticket/520#comment:2 <ul> <li><strong>priority</strong> changed from <em>major</em> to <em>trivial</em> </li> <li><strong>type</strong> changed from <em>defect</em> to <em>task</em> </li> <li><strong>milestone</strong> set to <em>Maintenance</em> </li> </ul> <p> Already reported in <a class="ext-link" href="https://tech.transitionnetwork.org/trac/ticket/484#comment:5"><span class="icon">​</span>my last comment SSL ticket (484)</a>, see that for reasoning, and a link to the Drupal.org issue I raised. </p> <p> It's an false warning and can only be fixed by patching the Session443 module - I plan to submit a patch at some point this summer, but this is not an issue really and should be closed. Downgrading. </p> Ticket