- undo previous secure-cookie change since it interacts badly in situations where "RestrictLoginToSSLP" is "1" and https is available: In such cases, e.g. the login page is redirected from a http (insecure) url to an https (secure) page. But when later continuing on the http connection, the user appears to be not logged in, since a well-behaved browser does not send the "secure" login coockie over the insecure connection.