secure flag isn't enforced by recent firefox versions when set in cookie config
When I used an old version of firefox(v42 as this is an application requirement) the session gets expired immediately after I login with my credentials when secure flag is set in my application(since I am accessing the site through http and not https).
When I inspected the developer console I can see that a new session is created every time. I believe this is the expected behavior since the cookie won't be valid in case of http requests. This doesn't happen in the case of modern versions of firefox. Why is this so? Is this because I am accessing the site on localhost?
Modified