In my situation it is not possible to use force_ssl=1 in the config.ini.php file for more than one reason. One reason are the scripts which are using the API, an other the web cron. I can’t change that! I guess I’m not alone with this problem.
My suggestion is to introduce a special flag only for the web login. For example: force_ssl_login = 1
Do you have other or better ideas?
Thank you for the discussion