in der application.top.php
// verify the ssl_session_id if the feature is enabled
if (($request_type == 'SSL') && (SESSION_CHECK_SSL_SESSION_ID == 'True') && (ENABLE_SSL == true) && ($session_started == true)) {
$ssl_session_id = getenv('SSL_SESSION_ID');
... usw.
getenv('SSL_SESSION_ID') ist nie etwas enthalten, somit, die SSL_SESSION_ID immer false...