id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
6657	HttpResponse.set_cookie(secure=False) still sets secure cookies	Marty Alchin	nobody	"Currently, `set_cookie()` sets the `secure` attribute on the outgoing cookie if it's anything other than `None`, but since the `secure` attribute on cookies doesn't actually use a value, it gets sent out as secure any time ''any'' value is set on the cookie. This means that using `secure=False` results in a secure cookie. While it's still possible to set a non-secure cookie by simply omitting the `secure` argument entirely, the current behavior seems counter-intuitive.

{{{
#!python
>>> from django.http import HttpResponse
>>> response = HttpResponse()
>>> response.set_cookie('a')
>>> response.set_cookie('b', secure=False)
>>> response.set_cookie('c', secure=True)
>>> print response.cookies
Set-Cookie: a=; Path=/
Set-Cookie; b=; Path=/; secure
Set-Cookie; c=; Path=/; secure
}}}"		closed	HTTP handling	dev		fixed			Ready for checkin	1	0	0	0	0	0