SECURITY: heello session cookies not marked "secure" only

[katanacrimson]

As on tin. This is dangerous and the cookies should be restricted to HTTPS only.

[caseym]

This should be updated either this evening or over the weekend. Thank you for bringing this to our attention.

[caseym]

Fixed. Must log out or clear the Heello session cookie to get the new secure cookie.

[katanacrimson]

Thanks for the dedication to getting this one fixed. I'll be poking around and seeing if I can find anything else that is noteworthy.