Closed
Description
Symfony version(s) affected
5.4.0
Description
If i set session.cookie_secure=auto on framework.yaml the expected behaviour, to set session cookie secure flag related to used http schema, doesn't work anymore.
How to reproduce
- set session.cookie_secure=auto on framework.yaml
- do a non-HTTPS request
- session.cookie_secure is set to true
Possible Solution
The session.cookie_secure=auto setting doesn't work anymore as expected, because the Cookie::create expects a boolean value for $secure parameter... so now, it's always true. :-(
https://github.com/symfony/symfony/blob/5.4/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php#L171
Additional Context
No response