From 2236f57c0b5c8f951009b80cce2bb9bd11ffce3f Mon Sep 17 00:00:00 2001
From: paderinandrey
Date: Mon, 6 Dec 2021 20:31:40 +0300
Subject: [PATCH 1/2] secure-remember_me-cookie

---
 lib/generators/sorcery/templates/initializer.rb | 5 +++++
 lib/sorcery/controller/submodules/remember_me.rb | 7 ++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/lib/generators/sorcery/templates/initializer.rb b/lib/generators/sorcery/templates/initializer.rb
index c4fe62f4..1660245e 100644
--- a/lib/generators/sorcery/templates/initializer.rb
+++ b/lib/generators/sorcery/templates/initializer.rb
@@ -31,6 +31,11 @@
 #
 # config.remember_me_httponly =
 
+ # Set secure flag for remember_me cookie
+ # Default: `false`
+ #
+ # config.remember_me_secure =
+
 # Set token randomness. (e.g. user activation tokens)
 # The length of the result string is about 4/3 of `token_randomness`.
 # Default: `15`
diff --git a/lib/sorcery/controller/submodules/remember_me.rb b/lib/sorcery/controller/submodules/remember_me.rb
index e74daced..736c86d5 100644
--- a/lib/sorcery/controller/submodules/remember_me.rb
+++ b/lib/sorcery/controller/submodules/remember_me.rb
@@ -10,9 +10,9 @@ def self.included(base)
 base.send(:include, InstanceMethods)
 Config.module_eval do
 class << self
- attr_accessor :remember_me_httponly
+ attr_accessor :remember_me_httponly, :remember_me_secure
 def merge_remember_me_defaults!
- @defaults.merge!(:@remember_me_httponly => true)
+ @defaults.merge!(:@remember_me_httponly => true, :@remember_me_secure => false)
 end
 end
 merge_remember_me_defaults!
@@ -71,7 +71,8 @@ def set_remember_me_cookie!(user)
 value: user.send(user.sorcery_config.remember_me_token_attribute_name),
 expires: user.send(user.sorcery_config.remember_me_token_expires_at_attribute_name),
 httponly: Config.remember_me_httponly,
- domain: Config.cookie_domain
+ domain: Config.cookie_domain,
+ secure: Config.remember_me_secure
 }
 end
 end

From f99b3e05a9c66ee791481bad2dc45a054772b47d Mon Sep 17 00:00:00 2001
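Review bot: The new template comment `# Set secure flag for remember_me cookie` followed by `# Default: false` tells the operator what the knob is but not why it matters, and with the documented default of false the remember-me token — a credential that lives as long as its `expires:` value — is sent over plain HTTP until someone reads the source. I would expand the comment to something like `# Set secure flag for remember_me cookie so the browser only sends it over HTTPS.` / `# Recommended: true in production. Default: false`. It may also be worth noting that apps running with Rails' `config.force_ssl` may already get the flag from ActionDispatch::SSL, so this option mainly matters when that is off — confirm against the Rails versions the gem supports. The surrounding options in this template continue outside the hunk.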
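Review bot: The added default `:@remember_me_secure => false` sits next to `:@remember_me_httponly => true` on the same line, so the two cookie-hardening flags now ship with opposite defaults and an app that never touches the new option keeps transmitting the remember-me token in cleartext. If false is kept deliberately so existing HTTP-only deployments do not silently lose their cookie, that trade-off deserves a comment at the merge, e.g. `# secure defaults to false for backwards compatibility; production apps should set it to true`; otherwise defaulting to true with a changelog entry is the safer choice. The `def self.included(base)` this hunk belongs to opens before the hunk and its closing `end` is after it.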
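Review bot: The new `secure: Config.remember_me_secure` line completes the transport-side protection, but the cookie hash still carries no `same_site:` attribute, so a long-lived remember-me cookie whose `value:` is the raw token attribute relies entirely on the browser's default SameSite treatment for cross-site requests. Since `httponly:` and `domain:` are already set explicitly here, adding `same_site: :lax` (or a `remember_me_same_site` option mirroring the other two flags) would be the consistent next step; check that the oldest Rails/Rack versions the gem supports accept that cookie option before adding it. The `set_remember_me_cookie!(user)` method starts before this hunk.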
From: paderinandrey
Date: Mon, 6 Dec 2021 21:35:45 +0300
Subject: [PATCH 2/2] Update changelog

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 51502e52..769d4e5d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,10 @@
 # Changelog
 
 ## HEAD
+## 0.16.3
+
+* Add secure flag for remember_me cookie [#295](https://github.com/Sorcery/sorcery/pull/295)
+
 ## 0.16.2
 
 * Inline core migration index definition [#281](https://github.com/Sorcery/sorcery/pull/281)