FlexibleSslListener secure remember me not working

[kbond]

As far as I can tell this feature is not working. The remember me cookie remains unsecure.

[igorw]

Confirmed, looking into it. Thanks!

[igorw]

This can be configured at the firewall level as follows:

security:
    firewalls:
        main:
            remember_me:
                key:      aSecretKey
                lifetime: 3600
                path:     /
                domain:   ~
                secure: true

So I'm not sure we even have to take care of it. Jordi?

[dustin10]

@igorw There is also this. Although, I'm not sure if requires_channel is only used in matching or if it will do the switch.

[Seldaek]

@dustin10: As far as I know it only matches (or does not match).

[Seldaek]

@igorw @kbond I still think we should fix it, this basically should enforce the core config to do secure remember-me cookies.

[Seldaek]

OK I finally looked into this and now it will really force every new cookie set in the login request to be secure (except the auth one from this bundle).