FIX: force secure cookies on session if force https is enabled

lib/discourse_cookie_store.rb

@@ -0,0 +1,16 @@
+class ActionDispatch::Session::DiscourseCookieStore < ActionDispatch::Session::CookieStore
+  def initialize(app, options={})
+    super(app,options)
+  end
+
+  private
+
+  def set_cookie(request, session_id, cookie)
+    if Hash === cookie
+      if SiteSetting.force_https
+        cookie[:secure] = true
+      end
+    end
+    cookie_jar(request)[@key] = cookie
+  end
+end