1+++
 2repository_url = "https://github.com/pallets/flask"
 3revision = "2fec0b206c6e83ea813ab26597e15c96fab08be7"
 4+++
 5
 6## Edit History
 7
 8```diff
 9--- a/tests/test_basic.py
10+++ b/tests/test_basic.py
11@@ -356,3 +356,6 @@
12     cookie = rv.headers["set-cookie"].lower()
13     assert "samesite=lax" in cookie
14
15
16+de
17+
18+
19 def test_missing_session(app):
20```
21
22// User accepted prediction:
23```diff
24--- a/tests/test_basic.py
25+++ b/tests/test_basic.py
26@@ -358,6 +358,14 @@
27
28
29-de
30+def test_session_cookie_httponly(app, client):
31+    app.config["SESSION_COOKIE_HTTPONLY"] = True
32+
33+    @app.route("/")
34+    def index():
35+        flask.session["testing"] = 42
36+        return "Hello World"
37+
38+    rv = client.get("/")
39+    assert "httponly" in rv.headers["set-cookie"].lower()
40
41
42 def test_missing_session(app):
43```
44
45```diff
46--- a/tests/test_basic.py
47+++ b/tests/test_basic.py
48@@ -358,14 +358,14 @@
49
50
51-def test_session_cookie_httponly(app, client):
52+def test_session_cookie_secur(app, client):
53     app.config["SESSION_COOKIE_HTTPONLY"] = True
54```
55
56## Cursor Position
57
58```tests/test_basic.py
59    cookie = rv.headers["set-cookie"].lower()
60    assert "samesite=lax" in cookie
61
62
63def test_session_cookie_secur(app, client):
64#                            ^[CURSOR_POSITION]
65    app.config["SESSION_COOKIE_HTTPONLY"] = True
66
67    @app.route("/")
68    def index():
69        flask.session["testing"] = 42
70        return "Hello World"
71
72    rv = client.get("/")
73    assert "httponly" in rv.headers["set-cookie"].lower()
74
75
76def test_missing_session(app):
77```
78
79## Expected Patch
80
81```diff
82--- a/tests/test_basic.py
83+++ b/tests/test_basic.py
84@@ -358,14 +358,14 @@
85-def test_session_cookie_secur(app, client):
86-    app.config["SESSION_COOKIE_HTTPONLY"] = True
87+def test_session_cookie_secure(app, client):
88+    app.config["SESSION_COOKIE_SECURE"] = True
89
90     @app.route("/")
91     def index():
92         flask.session["testing"] = 42
93         return "Hello World"
94
95     rv = client.get("/")
96-    assert "httponly" in rv.headers["set-cookie"].lower()
97+    assert "secure" in rv.headers["set-cookie"].lower()
98```