Consider setting ignore_login_ip to true by default if HTTPS enabled

[drn05r]

ignore_login_ip as a configuration setting is a historic feature to improve security of logged in sessions. WIth HTTPS this is rather superfluous but is still enabled by default and can present issues to users who sit behind some sort of round-robin NAT where their IP address can quickly change between requests. It may be worth keeping ignore_login_ip enabled if HTTPS is not enabled but it creates more issues than it solves if HTTPS is enabled.

[jesusbagpuss]

I think this is a sensible option / update, especially now there are services such as LetsEncrypt that offer free HTTPS certificates.

When I first read the title of this question, I mentally parsed it as:
ignore login ip if a user is logging in over https
rather than:
set this global system param if the configuration supports https

The first of these feels slightly less risky - but I think it's marginal - so happy with either interpretation.

[drn05r]

I have reviewed the code and it is only referenced in one place so I was planning to just modify the if statement to say ignore_login_ip or securehost is set.