[HttpKernel] session.cookie_secure=auto leads to session secure flag to be always true

### Symfony version(s) affected

5.4.0

### Description

If i set session.cookie_secure=auto on framework.yaml the expected behaviour, to set session cookie secure flag related to used http schema, doesn't work anymore.

### How to reproduce

- set session.cookie_secure=auto on framework.yaml 
- do a non-HTTPS request
- session.cookie_secure is set to true

### Possible Solution

The session.cookie_secure=auto setting doesn't work anymore as expected, because the Cookie::create expects a boolean value for $secure parameter... so now, it's always true. :-(
https://github.com/symfony/symfony/blob/5.4/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php#L171

### Additional Context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[HttpKernel] session.cookie_secure=auto leads to session secure flag to be always true #44521

Symfony version(s) affected

Description

How to reproduce

Possible Solution

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[HttpKernel] session.cookie_secure=auto leads to session secure flag to be always true #44521

Description

Symfony version(s) affected

Description

How to reproduce

Possible Solution

Additional Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions