Add new param called cookie_secure to Auth code to enforce cookies only being sent over secure (SSL) connection. template/en/default/admin/params/auth.html.tmpl Bugzilla/Config/Auth.pm Bugzilla/Auth/Persist/Cookie.pm
Created attachment 292326 [details] Patch to add cookie_secure param to auth code
https://bugzilla.mozilla.org/show_bug.cgi?id=381569
Worked 2 hours on this patch.
Instead of adding a new cookie_secure param, we went the route of enforcing secure cookie whenever the 'ssl' param is set to either 'authenticated sessions' or 'always' so this can be closed.