Use the secure flag in setcookie() when connecting over 443

[thewhit]

No description provided.

[codecov-io]

Current coverage is 71.42% (diff: 100%)

Merging #48 into master will increase coverage by 0.16%

@@             master        #48   diff @@
==========================================
  Files             2          2          
  Lines           174        175     +1   
  Methods          10         10          
  Messages          0          0          
  Branches          0          0          
==========================================
+ Hits            124        125     +1   
  Misses           50         50          
  Partials          0          0          

Powered by Codecov. Last update 283a56b...83668f9

[mebjas]

Thanks for the pull :)

@thewhit cookies in our context is used to transfer the token from server to client, so that only scripts running in that page can access it. It doesn't matter even if the cookie is sent back by the client or not, as the validation is done between the request parameter and token stored in session variable. So I don't see any benefit of setting the secure flag.

Now, just to learn more, let's say we needed the cookie back at server, aren't there cases where a page could have mix of http / https.
@abiusx your views?

[mebjas]

@thewhit should I close this PR, or you have some view on this?

[thewhit]

@mebjas you can close it, as you're right it's possible the library could be used on a mix of http / https. Thanks.