diff -r 806b53dc5474 -r 7e9a1a5919e8 web/application.py
--- a/web/application.py	Wed Oct 20 17:37:00 2010 +0200
+++ b/web/application.py	Thu Oct 21 08:23:38 2010 +0200
@@ -216,6 +216,8 @@
         session = self.session_manager.open_session(req)
         cookie = req.get_cookie()
         cookie[self.SESSION_VAR] = session.sessionid
+        if req.https:
+            cookie[self.SESSION_VAR]['secure'] = True
         req.set_cookie(cookie, self.SESSION_VAR, maxage=None)
         if not session.anonymous_session:
             self._postlogin(req)