Backported sqsetcookie() from 1.5.2, so cookies won't be transmitted under
non-SSL connections if the session is started under an SSL (https) connection
(CVE-2008-3663)
Also limits cookies to HTTPOnly, a feature of IE and Firefox to counter cross
site scripting attacks.
Patch by Paul Lesniewski of the SquirrelMail team.
Thanks Hanno Boeck for discovery of this issue.
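
The two cookie flags described in the commit message above can be verified from the response headers. The following is an added example, not SquirrelMail code: a Python check over `Set-Cookie` values, where the function names and the sample cookie names and values are constructed for illustration.

```python
# Added example: audit Set-Cookie values for the Secure and HttpOnly flags.
# Function names and sample data are assumptions made for this illustration.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, attributes with lowercase keys)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), attrs


def audit_cookies(set_cookie_values, served_over_https):
    """Return a list of (cookie name, problem) findings for one response."""
    findings = []
    for raw in set_cookie_values:
        name, attrs = parse_set_cookie(raw)
        # Without Secure, a cookie set during an HTTPS session is also sent
        # by the browser on later plain-HTTP requests to the same host.
        if served_over_https and "secure" not in attrs:
            findings.append((name, "missing Secure"))
        # Without HttpOnly, page scripts can read the cookie.
        if "httponly" not in attrs:
            findings.append((name, "missing HttpOnly"))
    return findings


# Constructed sample: Set-Cookie values from one HTTPS response
SAMPLE_HTTPS_RESPONSE = [
    "SESSID=abc123; path=/mail/",
    "key=Zm9v; expires=Wed, 01 Jan 2031 00:00:00 GMT; path=/mail/; Secure; HttpOnly",
    "lang=en_US; path=/mail/; secure",
]

if __name__ == "__main__":
    for name, problem in audit_cookies(SAMPLE_HTTPS_RESPONSE, served_over_https=True):
        print(f"{name}: {problem}")
```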