Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.145.2.6
diff -u -p -r1.145.2.6 bootstrap.inc
--- includes/bootstrap.inc	26 Jul 2007 19:16:45 -0000	1.145.2.6
+++ includes/bootstrap.inc	3 Oct 2007 17:17:24 -0000
@@ -276,7 +276,12 @@ function conf_init() {
     // If the $cookie_domain is empty, try to use the session.cookie_domain.
     $cookie_domain = ini_get('session.cookie_domain');
   }
-  if ($cookie_domain) {
+  if (ini_get('session.cookie_secure')) {
+    // If the user specifies secure session cookies, use $base_url as session
+    // name, so there are different identifiers for http and https.
+    $session_name = $base_url;
+  }
+  elseif ($cookie_domain) {
     // If the user specifies the cookie domain, also use it for session name.
     $session_name = $cookie_domain;
   }
@@ -284,6 +289,8 @@ function conf_init() {
     // Otherwise use $base_url as session name, without the protocol
     // to use the same session identifiers across http and https.
     list( , $session_name) = explode('://', $base_url, 2);
+  }
+  if (!$cookie_domain) {
     // We try to set the cookie domain to the hostname.
     // We escape the hostname because it can be modified by a visitor.
     if (!empty($_SERVER['HTTP_HOST'])) {