This patch removes the autodetection of the secure flag for the cookie
based on whether the user is accessing simpleSAMLphp through https. The
reason for this is that the user can often access an SP through both
https and http. If the user starts with http, everything will work, but
if the user starts with https, the user will get two separate cookies,
one for https and one for http.

This patch introduces a new configuration option in config.php:

    /*
     * Set the secure flag in the cookie.
     *
     * Set this to TRUE if the user only accesses your service
     * through https. If the user can access the service through
     * both http and https, this must be set to FALSE.
     */
    'session.cookie.secure' => FALSE,

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2180 44740490-163a-0410-bde0-09ae8108e29a