Set secure session cookies when redirecting from HTTP to HTTPS.

So far for session cookies the secure property was only set when no
HTTP port was opened. This changes to also set it when HTTP is redirected
to the HTTPS port.

Author: fzs

src/main/java/com/gitblit/GitBlitServer.java

@@ -375,7 +375,8 @@ public void log(String message) {
 		HashSessionManager sessionManager = new HashSessionManager();
 		sessionManager.setHttpOnly(true);
 		// Use secure cookies if only serving https
-		sessionManager.setSecureRequestOnly(params.port <= 0 && params.securePort > 0);
+		sessionManager.setSecureRequestOnly( (params.port <= 0 && params.securePort > 0) ||
+				(params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) );
 		rootContext.getSessionHandler().setSessionManager(sessionManager);
 
 		// Ensure there is a defined User Service