Index: includes/session.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/session.inc,v
retrieving revision 1.83
diff -u -p -r1.83 session.inc
--- includes/session.inc 1 May 2010 08:12:22 -0000 1.83
+++ includes/session.inc 18 May 2010 23:30:51 -0000
@@ -284,26 +284,21 @@ function drupal_session_started($set = N
 */
 function drupal_session_regenerate() {
 global $user, $is_https;
+ $session_name = session_name();
+ $params = session_get_cookie_params();
+ $expire = REQUEST_TIME + $params['lifetime'];
 if ($is_https && variable_get('https', FALSE)) {
- $insecure_session_name = substr(session_name(), 1);
- $params = session_get_cookie_params();
+ $insecure_session_name = substr($session_name, 1);
 $session_id = drupal_hash_base64(uniqid(mt_rand(), TRUE) . drupal_random_bytes(55));
- setcookie($insecure_session_name, $session_id, REQUEST_TIME + $params['lifetime'], $params['path'], $params['domain'], FALSE, $params['httponly']);
+ setcookie($insecure_session_name, $session_id, $expire, $params['path'], $params['domain'], FALSE, $params['httponly']);
 $_COOKIE[$insecure_session_name] = $session_id;
 }
 if (drupal_session_started()) {
 $old_session_id = session_id();
- session_regenerate_id();
- }
- else {
- // Start the session when it doesn't exist yet.
- // Preserve the logged in user, as it will be reset to anonymous
- // by _drupal_session_read.
- $account = $user;
- drupal_session_start();
- $user = $account;
 }
+ $session_id = session_id(drupal_hash_base64(uniqid(mt_rand(), TRUE) . drupal_random_bytes(55)));
+ setcookie($session_name, $session_id, $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
 if (isset($old_session_id)) {
 db_update('sessions')
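Review bot: The added `$session_id = session_id(drupal_hash_base64(...));` captures the wrong value, because PHP's `session_id()` called with an argument sets the new id but returns the id that was current before the call (an empty string when there was none). The following `setcookie($session_name, $session_id, ...)` therefore hands the browser the pre-regeneration identifier, so the client is not moved to the fresh id and the regeneration loses its value as a session-fixation defence. Set the id first and read it back: `session_id(drupal_hash_base64(uniqid(mt_rand(), TRUE) . drupal_random_bytes(55)));` followed by `setcookie($session_name, session_id(), $expire, ...)`. Separately, `$expire = REQUEST_TIME + $params['lifetime'];` produces an already-due timestamp when the configured lifetime is 0 (a browser-session cookie); `$expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;` preserves that case. The function body continues past the end of this hunk.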
@@ -313,6 +308,14 @@ function drupal_session_regenerate() {
 ->condition('sid', $old_session_id)
 ->execute();
 }
+ else {
+ // Start the session when it doesn't exist yet.
+ // Preserve the logged in user, as it will be reset to anonymous
+ // by _drupal_session_read.
+ $account = $user;
+ drupal_session_start();
+ $user = $account;
+ }
 date_default_timezone_set(drupal_get_user_timezone());
 }
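Review bot: The relocated `else` branch starts the session only after the first hunk has already called `setcookie($session_name, ...)` unconditionally, so on the no-existing-session path a session cookie is emitted before `drupal_session_start()` runs. The start call will likely send its own cookie for the same name, though `drupal_session_start()` is not visible here to confirm. Moving that `setcookie()` into the `if (isset($old_session_id))` branch would confine the hand-written cookie to the case where an existing session is being re-keyed. Since the branch now hangs off `isset($old_session_id)` rather than `drupal_session_started()`, a leading comment such as `// No previous session id, so there is nothing to re-key: start a fresh session.` would make the pairing easier to follow.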