Add secure field to removal cookie (#300)

Closes https://github.com/actix/actix-extras/issues/299

actix-session/CHANGES.md

@@ -1,7 +1,9 @@
 # Changes
 
 ## Unreleased - 2021-xx-xx
+- Set secure attribute when adding a session removal cookie. [#300]
 
+[#300]: https://github.com/actix/actix-extras/pull/300
 
 ## 0.7.2 - 2022-09-11
 - Set SameSite attribute when adding a session removal cookie. [#284]

actix-session/src/middleware.rs

@@ -444,6 +444,7 @@ fn delete_session_cookie(
 ) -> Result<(), anyhow::Error> {
     let removal_cookie = Cookie::build(config.name.clone(), "")
         .path(config.path.clone())
+        .secure(config.secure)
         .http_only(config.http_only)
         .same_site(config.same_site);
 

actix-session/tests/middleware.rs

@@ -48,7 +48,7 @@ async fn cookie_storage() -> std::io::Result<()> {
     let deletion_cookie = logout_response.response().cookies().next().unwrap();
     assert_eq!(deletion_cookie.name(), "id");
     assert_eq!(deletion_cookie.path().unwrap(), "/test");
-    assert!(deletion_cookie.secure().is_none());
+    assert!(deletion_cookie.secure().unwrap());
     assert!(deletion_cookie.http_only().unwrap());
     assert_eq!(deletion_cookie.max_age().unwrap(), Duration::ZERO);
     assert_eq!(deletion_cookie.domain().unwrap(), "localhost");