diff --git a/inc/common.inc.php b/inc/common.inc.php
index 3cac75b8..12739df6 100644
--- a/inc/common.inc.php
+++ b/inc/common.inc.php
@@ -38,7 +38,12 @@ if (!defined('IN_SCRIPT')) {
 // Set correct Content-Type header
 if (!defined('NO_HTTP_HEADER')) {
     header('Content-Type: text/html; charset=utf-8');
-	header('X-Frame-Options: SAMEORIGIN');
+
+    // Don't allow HESK to be loaded in a frame on third party domains
+    if ($hesk_settings['x_frame_opt'])
+    {
+        header('X-Frame-Options: SAMEORIGIN');
+    }
 }
 
 // Set backslash options
@@ -56,12 +61,47 @@ if (!defined('ENT_XHTML')) {
     define('ENT_XHTML', 0);
 }
 
+// Is this is a SSL connection?
+if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') {
+    define('HESK_SSL', true);
+
+    // Use https-only cookies
+    @ini_set('session.cookie_secure', 1);
+} else {
+    // Force redirect?
+    if ($hesk_settings['force_ssl']) {
+        header('HTTP/1.1 301 Moved Permanently');
+        header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+        exit();
+    }
+
+    define('HESK_SSL', false);
+}
+
+// Prevents javascript XSS attacks aimed to steal the session ID
+@ini_set('session.cookie_httponly', 1);
+
+// **PREVENTING SESSION FIXATION**
+// Session ID cannot be passed through URLs
+@ini_set('session.use_only_cookies', 1);
+
+
 // Load language file
 hesk_getLanguage();
 
 
 /*** FUNCTIONS ***/
 
+function hesk_setcookie($name, $value, $expire=0, $path=""){
+    if (HESK_SSL) {
+        setcookie($name, $value, $expire, $path, "", true, true);
+    } else {
+        setcookie($name, $value, $expire, $path, "", false, true);
+    }
+
+    return true;
+} // END hesk_setcookie()
+
 function hesk_service_message($sm)
 {
     $faIcon = $sm['icon'];
@@ -145,6 +185,11 @@ function hesk_clean_utf8($in)
 
 function hesk_load_database_functions()
 {
+    // Already loaded?
+    if (function_exists('hesk_dbQuery')) {
+        return true;
+    }
+
     // Preferrably use the MySQLi functions
     if (function_exists('mysqli_connect')) {
         require(HESK_PATH . 'inc/database_mysqli.inc.php');
@@ -204,7 +249,11 @@ function hesk_utf8_urldecode($in)
 
 function hesk_SESSION($in, $default = '')
 {
-    return isset($_SESSION[$in]) && ! is_array($_SESSION[$in]) ? $_SESSION[$in] : $default;
+    if (is_array($in)) {
+        return isset($_SESSION[$in[0]][$in[1]]) && ! is_array(isset($_SESSION[$in[0]][$in[1]])) ? $_SESSION[$in[0]][$in[1]] : $default;
+    } else {
+        return isset($_SESSION[$in]) && ! is_array($_SESSION[$in]) ? $_SESSION[$in] : $default;
+    }
 } // END hesk_SESSION();
 
 
@@ -327,7 +376,7 @@ function hesk_verifyEmailMatch($trackingID, $my_email = 0, $ticket_email = 0, $e
 
     /* Email doesn't match, clean cookies and error out */
     if ($error) {
-        setcookie('hesk_myemail', '');
+        hesk_setcookie('hesk_myemail', '');
         hesk_process_messages($hesklang['enmdb'], 'ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999));
     } else {
         return false;
@@ -1105,7 +1154,7 @@ function hesk_getLanguage()
     }
 
     /* Remember and set the selected language */
-    setcookie('hesk_language', $hesk_settings['language'], time() + 31536000, '/');
+    hesk_setcookie('hesk_language', $hesk_settings['language'], time() + 31536000, '/');
     return hesk_returnLanguage();
 } // END hesk_getLanguage()
 
@@ -1113,10 +1162,45 @@ function hesk_getLanguage()
 function hesk_returnLanguage()
 {
     global $hesk_settings, $hesklang;
-    require(HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/text.php');
-    $customLanguagePath = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/custom-text.php';
-    if (file_exists($customLanguagePath)) {
-        include($customLanguagePath);
+    // Variable that will be set to true if a language file was loaded
+    $language_loaded = false;
+
+    // Load requested language file
+    $language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/text.php';
+    if (file_exists($language_file)) {
+        require($language_file);
+        $language_loaded = true;
+    }
+
+    // Requested language file not found, try to load default installed language
+    if (!$language_loaded && $hesk_settings['language'] != HESK_DEFAULT_LANGUAGE) {
+        $language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][HESK_DEFAULT_LANGUAGE]['folder'] . '/text.php';
+        if (file_exists($language_file)) {
+            require($language_file);
+            $language_loaded = true;
+            $hesk_settings['language'] = HESK_DEFAULT_LANGUAGE;
+        }
+    }
+
+    // Requested language file not found, can we at least load English?
+    if (!$language_loaded && $hesk_settings['language'] != 'English' && HESK_DEFAULT_LANGUAGE != 'English') {
+        $language_file = HESK_PATH . 'language/en/text.php';
+        if (file_exists($language_file)) {
+            require($language_file);
+            $language_loaded = true;
+            $hesk_settings['language'] = 'English';
+        }
+    }
+
+    // If a language is still not loaded, give up
+    if (!$language_loaded) {
+        die('Count not load a valid language file.');
+    }
+
+    // Load a custom text file if available
+    $language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/custom-text.php';
+    if (file_exists($language_file)) {
+        require($language_file);
     }
     return true;
 } // END hesk_returnLanguage()