From 97390fd939969f69b9eba2475bcf57d11c4b33c8 Mon Sep 17 00:00:00 2001
From: Rossen Stoyanchev <rstoyanchev@pivotal.io>
Date: Fri, 23 Jun 2017 17:05:57 -0400
Subject: [PATCH] Polish

---
 .../web/server/session/CookieWebSessionIdResolver.java       | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/spring-web/src/main/java/org/springframework/web/server/session/CookieWebSessionIdResolver.java b/spring-web/src/main/java/org/springframework/web/server/session/CookieWebSessionIdResolver.java
index 799b0af2e2..32984c0eb9 100644
--- a/spring-web/src/main/java/org/springframework/web/server/session/CookieWebSessionIdResolver.java
+++ b/spring-web/src/main/java/org/springframework/web/server/session/CookieWebSessionIdResolver.java
@@ -87,10 +87,11 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver {
 
 	@Override
 	public void setSessionId(ServerWebExchange exchange, String id) {
+		String name = getCookieName();
 		Duration maxAge = (StringUtils.hasText(id) ? getCookieMaxAge() : Duration.ofSeconds(0));
-		ResponseCookie cookie = ResponseCookie.from(getCookieName(), id).maxAge(maxAge).build();
+		boolean secure = "https".equalsIgnoreCase(exchange.getRequest().getURI().getScheme());
 		MultiValueMap<String, ResponseCookie> cookieMap = exchange.getResponse().getCookies();
-		cookieMap.set(getCookieName(), cookie);
+		cookieMap.set(name, ResponseCookie.from(name, id).maxAge(maxAge).httpOnly(true).secure(secure).build());
 	}
 
 }