our moodle site runs behind an ssl offloading proxy. Besides that i still have set loginhttps='1', which to my understanding should be no problem. I have also altered some of the cookie settings, especially cookiesecure='1'. If so the cookiesecure security check always fails because loginhttps is enabled. I don't understand how a forced login via https could interfere with secure cookies, so could anyone explain why the check fails or might it be a bug?