I can confirm I can't login to:

• Joomla 2.5.28
• Joomla 3.3.6
• Joomla 3.4.4
• Joomla 3.4.8

when I have session.cookie_secure set to 1. So I don't think it is something new.

Like you I wonder why it is set to one as per default it is turned off in php.ini

hi @roland-d

thanks for your reply.
i am thinking though that it is set 1 in our server because we are using https.

i'll be deploying j 3.4.8 (with https) in a while so i will know if it will make any difference if the value is 0 or 1.

Unable to replicate.

Steps taken:

1. Build a one-click server with Joomla 3.4.8 installed at DigitalOcean (PHP 5.5.9-1ubuntu4.14 by default)
2. SSH and change the php.ini setting session.cookie_secure = 1
3. Restart apache
4. install letsencrypt and install a SSL Certiicate
5. restart apache
6. Go to admin /administrator/ and login
7. Result: I'm logged in...

Hi @PhilETaylor,

Thanks for your confirmation.
I confirmed as well that it doesn't matter whether the cookie_secure is On or Off in the https environment. I can just login to the site with either values.

So maybe I can say that this is not a joomla issue but a configuration mismatch.

Thanks for your help guys and I am closing this now.

I had this same issue. I did a password reset from the site and also through the database with no luck. I had to restore the backup to gain access to the site. Also users weren't able to login either. Now I would like to update without an issue and I would prefer to keep the php.ini setting session.cookie_secure = 1. Any suggestions? Thank you

I have upgraded again but I have made sure that my cookie cleaner does't remove the cookie for the site. So far I have no issues but lets see what happens when the cookie expires. At least I know how to recover.
See ya later!

Like I said, I investigated this issue fully and could not replicate the issue