Option to limit PHPSESSID cookie to https?
I was checking on why my test forum doesn't have a full green padlock when I accidentally looked into its cookie details and found out that its cookie is sent for secure connections only but PHPSESSID is sent for any kind of connection (not secure) even when logged with an admin account.
I am not sure whether this ok (or bad) but I was thinking of why not check if the forum is using https and limit all PHPSESSID cookies to https only. Or if that is too much, may be only limit the administrator's PHPSESSID cookie to https. But may be best if both options are made available.
This may be nothing to worry about in the current way and I also have no idea on how this would benefit the forum users or admins and how to secure PHPSESSID cookie yet.