However how does it act if it is set to false? Does it always make it un-secure, or does it not care?
because I have this programming in Java to try and control it
cookie.setSecure( URL.startsWith( "https" ) );
If I try it locally with tomcat it works correctly for Http (un-secure) and Https (secure).
However my server runs weblogic which is HTTPS but it always marks it un-secure.
So I was wonder if cookie-secure = false it setting it to un-secure. and if so, is there a way around it?