id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
7001	Admin SSL Support	ryan	anonymous	"Improve out-of-the-box support for visiting the admin over SSL.  The default behavior should be to allow visiting the admin over http or https with an option to force https.  There should be separate secure and non-secure login cookies.  The secure cookie should be delivered only over SSL.  Let's consider a flag that will bind the secure cookie to an SSL session id.

Implementation suggestions:

 * Define SECURE_AUTH_COOKIE
 * Set secure cookie for SSL-only delivery.
 * Optionally force https only logins with FORCE_HTTPS_LOGIN type define
 * Wrap HTTPS == 'on' check in is_ssl() function
 * Add admin_url() and includes_url() functions that will create https links if is_ssl()
 * Use admin_url() and includes_url() for all JS and CSS links."	defect (bug)	closed	normal	2.6	General		normal	fixed