diff --git a/wp-admin/async-upload.php b/wp-admin/async-upload.php index 59feb8cec..18b810414 100644 --- a/wp-admin/async-upload.php +++ b/wp-admin/async-upload.php @@ -10,7 +10,9 @@ else require_once('../wp-load.php'); // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead -if ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) ) +if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) ) + $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie']; +elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) ) $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie']; unset($current_user); require_once('admin.php'); diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php index 0c25801f3..cf530d426 100644 --- a/wp-admin/includes/media.php +++ b/wp-admin/includes/media.php @@ -850,7 +850,7 @@ jQuery(function($){ file_types: "", post_params : { "post_id" : "", - "auth_cookie" : "", + "auth_cookie" : "", "_wpnonce" : "", "type" : "", "tab" : "", diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index b390a3a41..535f42416 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -589,8 +589,8 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') { $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme); $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in'); - do_action('set_auth_cookie', $auth_cookie, $expire, $scheme); - do_action('set_auth_cookie', $logged_in_cookie, $expire, 'logged_in'); + do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme); + do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in'); setcookie($auth_cookie_name, $auth_cookie, $expire, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN, $secure); setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN); 
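Review bot: In wp-admin/async-upload.php the new `is_ssl()` branch fills `$_COOKIE[SECURE_AUTH_COOKIE]` from `$_REQUEST['auth_cookie']`, and `$_REQUEST` includes the query string, so the secure-scheme credential can travel in a URL and be recorded in access logs or by proxies. If the uploader always sends it in the POST body, as the `post_params` entry in media.php suggests, read it from there only: `$_COOKIE[SECURE_AUTH_COOKIE] = $_POST['auth_cookie'];` with a matching `!empty($_POST['auth_cookie'])` test. Separately, on an SSL request that already carries the secure cookie the first condition is false, so the `elseif` still writes the request value into `$_COOKIE[AUTH_COOKIE]`. Testing `!empty(...)` once and choosing the cookie name with an inner `is_ssl()` if/else would keep the two schemes apart. Validation of the copied value is not visible in this hunk; presumably it happens in admin.php, which is required right after.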
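Review bot: In wp-includes/pluggable.php the `set_auth_cookie` action now passes `$expiration` in the third position, where `$scheme` used to be, so a callback already registered for three arguments silently receives a timestamp instead of the scheme. Appending the new values keeps existing hooks working: `do_action('set_auth_cookie', $auth_cookie, $expire, $scheme, $expiration, $user_id);`, and the same order for `set_logged_in_cookie`. The logged-in cookie also moves to a new action name, so anything hooked on `set_auth_cookie` to observe it stops firing without notice. Both hooks hand the raw cookie value to every callback, and that value is a credential; a docblock above each `do_action` listing the arguments and saying so would help. The body of wp_set_auth_cookie starts and ends outside the hunk.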
diff --git a/wp-login.php b/wp-login.php index ba97b12d0..1a0490b29 100644 --- a/wp-login.php +++ b/wp-login.php @@ -411,7 +411,7 @@ default: else $redirect_to = 'wp-admin/'; - if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) ) + if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) ) $secure_cookie = false; else $secure_cookie = '';
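Review bot: The added `0 === strpos($redirect_to, 'http')` test is a bare, case-sensitive prefix match, so a relative target whose path merely begins with "http" still takes the `$secure_cookie = false` branch, while an absolute URL written as `HTTP://` does not. In the first case the auth cookie would presumably be issued without the Secure flag on an HTTPS login, assuming `$secure_cookie` is what reaches `wp_set_auth_cookie()` (the call is outside the hunk). Matching the scheme separator is tighter and makes the separate `https` test redundant: `if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 === stripos($redirect_to, 'http://') )`. The `default:` case this sits in starts and ends outside the hunk, so where `$redirect_to` comes from in the other branch cannot be checked here.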