Merge branch '4.2'

* 4.2:
  Indicate that cookie_secure is false by default

Author: javiereguiluz

reference/configuration/framework.rst

@@ -1204,11 +1204,11 @@ The possible values for this option are:
 cookie_secure
 .............
 
-**type**: ``boolean`` or ``string`` **default**: ``'auto'``
+**type**: ``boolean`` or ``string`` **default**: ``false``
 
-This determines whether cookies should only be sent over secure connections. The
-default value is ``auto``, which means ``true`` for HTTPS requests and ``false``
-for HTTP requests.
+This determines whether cookies should only be sent over secure connections. In
+addition to ``true`` and ``false``, there's a special ``'auto'`` value that
+means ``true`` for HTTPS requests and ``false`` for HTTP requests.
 
 cookie_httponly
 ...............