From ac0c59709ddad8dbe5dc4ef42617eeb332c7910c Mon Sep 17 00:00:00 2001
From: Craig Campbell <craig@vimeo.com>
Date: Tue, 3 Feb 2015 16:05:01 -0500
Subject: [PATCH] Skip falsy values for SimpleCookie flags

Fixes #1324
---
 tornado/web.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tornado/web.py b/tornado/web.py
index 52bfce366..f6cb99429 100644
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -524,6 +524,12 @@ class RequestHandler(object):
         for k, v in kwargs.items():
             if k == 'max_age':
                 k = 'max-age'
+
+            # skip falsy values for httponly and secure flags because
+            # SimpleCookie sets them regardless
+            if k in ['httponly', 'secure'] and not v:
+                continue
+
             morsel[k] = v
 
     def clear_cookie(self, name, path="/", domain=None):
-- 
2.47.2