We have a security issue with session cookie handling, filed under
Bug #10275: CVE-2015-3155 - The _session_id cookie is issued without the Secure flag - Foreman which needs a developer.
If you can work on it, please self-assign the Redmine ticket and submit
a pull request as usual.
Thanks,