Admin SSL Support
|Reported by:||ryan||Owned by:|
Improve out-of-the-box support for visiting the admin over SSL. The default behavior should be to allow visiting the admin over http or https with an option to force https. There should be separate secure and non-secure login cookies. The secure cookie should be delivered only over SSL. Let's consider a flag that will bind the secure cookie to an SSL session id.
- Define SECURE_AUTH_COOKIE
- Set secure cookie for SSL-only delivery.
- Optionally force https only logins with FORCE_HTTPS_LOGIN type define
- Wrap HTTPS == 'on' check in is_ssl() function
- Add admin_url() and includes_url() functions that will create https links if is_ssl()
- Use admin_url() and includes_url() for all JS and CSS links.