There is a checkbox on the login.php page.

    [x] Stay in secure (https) mode after login

The presented form may be accessed by either http or https. It defaults to checked which is good. The form submit action is always to an https URL which is also good. But then regardless of the setting of that checkbox the result is always https even if the checkbox is not checked. This is also good.

I think this question is now obsolete and should be removed. I think it became obsolete when the form POST action switched to https. (Which was a very good thing.) Since this code was written there has been a big movement to make the web more secure. I think this is just a leftover from the old days.

I will investigate a little more but I plan on removing that checkbox. I don't believe this will have any user visible effects.

Bob