# Netscape HTTP Cookie File# https://curl.haxx.se/docs/http-cookies.html# This file was generated by libcurl! Edit at your own risk.
localhost FALSE /MLP318 TRUE 0 JSESSIONID 6135D2A1DC70D08AC434D77503339128
The cookie indeed had Secure flag set, but this curl version under Linux had no problem storing it. But while loading back the cookie (--cookie cookies.txt), it wasn't transmitted to the server, presumably due to having the Secure flag.
While I understand that secure cookies are intended to be transmitted over a https connection, it would be nice to have curl treat localhost as secure by default (even over HTTP), or at least include a CLI option for this behaviour. Mozilla Firefox already does this.