diff --git a/VERSION b/VERSION
index 2ecf413b..c76cc122 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.10.0-trunk+timestamp.2014.08.21.18.22.13
+Version 2.10.0-trunk+timestamp.2014.08.25.16.35.41
diff --git a/applications/admin/controllers/appadmin.py b/applications/admin/controllers/appadmin.py
index a74f0569..abd3c6ad 100644
--- a/applications/admin/controllers/appadmin.py
+++ b/applications/admin/controllers/appadmin.py
@@ -32,7 +32,7 @@ try:
 except:
     hosts = (http_host, )
 
-if request.env.http_x_forwarded_for or request.is_https:
+if request.is_https:
     session.secure()
 elif (remote_addr not in hosts) and (remote_addr != "127.0.0.1") and \
     (request.function != 'manage'):
diff --git a/applications/admin/models/access.py b/applications/admin/models/access.py
index 823ec438..d27ff5b5 100644
--- a/applications/admin/models/access.py
+++ b/applications/admin/models/access.py
@@ -19,7 +19,7 @@ if request.env.web2py_runtime_gae:
 else:
     is_gae = False
 
-if request.env.http_x_forwarded_for or request.is_https:
+if request.is_https:
     session.secure()
 elif not request.is_local and not DEMO_MODE:
     raise HTTP(200, T('Admin is disabled because insecure channel'))
diff --git a/applications/examples/controllers/appadmin.py b/applications/examples/controllers/appadmin.py
index a74f0569..abd3c6ad 100644
--- a/applications/examples/controllers/appadmin.py
+++ b/applications/examples/controllers/appadmin.py
@@ -32,7 +32,7 @@ try:
 except:
     hosts = (http_host, )
 
-if request.env.http_x_forwarded_for or request.is_https:
+if request.is_https:
     session.secure()
 elif (remote_addr not in hosts) and (remote_addr != "127.0.0.1") and \
     (request.function != 'manage'):
diff --git a/applications/welcome/controllers/appadmin.py b/applications/welcome/controllers/appadmin.py
index a74f0569..abd3c6ad 100644
--- a/applications/welcome/controllers/appadmin.py
+++ b/applications/welcome/controllers/appadmin.py
@@ -32,7 +32,7 @@ try:
 except:
     hosts = (http_host, )
 
-if request.env.http_x_forwarded_for or request.is_https:
+if request.is_https:
     session.secure()
 elif (remote_addr not in hosts) and (remote_addr != "127.0.0.1") and \
     (request.function != 'manage'):