I may have missed something, but it looks like the 'secure' bit of the cookie is in the settings, but not the value.
>From a pyramid standpoint, this would be a step backwards - as the default policy is a signed cookie. My 2ยข: your package should implement signed cookies by default... and support plaintext and encrypted cookies as options. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/c1de437b-35e6-4ab6-8858-6c85a027c6af%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
