Index: trunk/core/kernel/application.php
===================================================================
diff -u -r2664 -r2666
--- trunk/core/kernel/application.php	(.../application.php)	(revision 2664)
+++ trunk/core/kernel/application.php	(.../application.php)	(revision 2666)
@@ -668,7 +668,16 @@
 		if( isset($params['index_file']) ) $index_file = $params['index_file'];
 
 		$ssl = isset($params['__SSL__']) ? $params['__SSL__'] : null;
+		if ($ssl && PROTOCOL == 'http://') {
+			$session =& $this->recallObject('Session');
+			$cookie_url = $session->CookieDomain.$session->CookiePath;
+			$ssl_url = $this->ConfigValue('SSL_URL');
 
+			if (!preg_match('#'.preg_quote($cookie_url).'#', $ssl_url)) {
+				$session->SetMode(smGET_ONLY);
+			}
+		}
+
 		if (getArrayValue($params, 'opener') == 'u') {
 			$opener_stack=$this->RecallVar('opener_stack');
 			if($opener_stack) {
@@ -790,19 +799,19 @@
 
 	function BaseURL($prefix='', $ssl=null)
 	{
-		if ($ssl == null) {
+		if ($ssl === null) {
 			return PROTOCOL.SERVER_NAME.(defined('PORT')?':'.PORT : '').BASE_PATH.$prefix.'/';
 		}
 		else {
 			if ($ssl) {
 				if (PROTOCOL == 'http://') {
 					$this->StoreVar('HTTP_SERVER_NAME', SERVER_NAME);
+					$this->StoreVar('HTTP_BASE_PATH', BASE_PATH);
 				}
 				return $this->ConfigValue('SSL_URL').$prefix.'/';
 			}
 			else {
-
-				return 'http://'.$this->RecallVar('HTTP_SERVER_NAME').(defined('PORT')?':'.PORT : '').BASE_PATH.$prefix.'/';
+				return 'http://'.$this->RecallVar('HTTP_SERVER_NAME').(defined('PORT')?':'.PORT : '').$this->RecallVar('HTTP_BASE_PATH').$prefix.'/';
 			}
 		}
 	}