GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
A new option: when we are handling a request via ssl, then keep all redirects etc under ssl.
The default is now to switch to non-ssl when ssl is not explicitly set.
I assume this is to avoid mixing insecure and secure data on the same page. +1 :)
Also to make it easier to keep your session cookie secure. Maybe a side effect could be to set the 'secure' flag on the session cookie.
Maybe we should call it 'ssl_secure_session' and keep everything (and the session cookie) in SSL unless explicitly stated otherwise in the dispatch rule.
mod_ssl: Added mod_ssl, enables ssl certs per site. Removed ssl from …
…the core. Tuned dispatch rules for more secure usage. Fixes #434. Fixes #433.