--- bootstrap.inc	2009-10-29 17:32:23.000000000 +0200
+++ bootstrap_new.inc	2009-10-29 17:31:38.000000000 +0200
@@ -370,7 +370,9 @@ function conf_init() {
   else {
     // Otherwise use $base_url as session name, without the protocol
     // to use the same session identifiers across http and https.
-    list( , $session_name) = explode('://', $base_url, 2);
+    $host_wo_port = explode(':', $_SERVER['HTTP_HOST']);
+    $host_wo_port = '.'. $host_wo_port[0];
+    list( , $session_name) = explode('://', $host_wo_port, 2);
     // We escape the hostname because it can be modified by a visitor.
     if (!empty($_SERVER['HTTP_HOST'])) {
       $cookie_domain = check_plain($_SERVER['HTTP_HOST']);