search for: secure_cookies

...sts can reach you with different NATs/proxies or the client''s IP address changes. A "don''t bind session ID to my IP" checkbox would be good for clients with crappy ISPs. This also illustrates why IPv6 is needed now, not 10 years from now (NAT is killing security). "secure_cookies" are useless when it comes to security, because again, they rely on the client to send you what you sent them. DON''T do that. - Adam

Xapian?s websites (xapian.org, trac.xapian.org and lists.xapian.org) are now available via https: https://xapian.org, https://trac.xapian.org and https://lists.xapian.org/mailman/listinfo. (Currently https://lists.xapian.org/ redirects to non-https, because of limitations in mailman.) It?d be helpful if people could check if they have any problem accessing the sites over https. Note that