From 9ba7705b959ac7b5ac402b22ecb698d3edadb80c Mon Sep 17 00:00:00 2001
From: Michael Chase
Date: Thu, 31 Aug 2017 20:50:19 -0700
Subject: [PATCH] If a flag cookie is set to False dont include it
---
 sanic/cookies.py | 5 +++--
 tests/test_cookies.py | 34 +++++++++++++++++++++++++++-------
 2 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/sanic/cookies.py b/sanic/cookies.py
index 16b798df..ce096cd2 100644
--- a/sanic/cookies.py
+++ b/sanic/cookies.py
@@ -116,8 +116,9 @@ class Cookie(dict):
 ))
 except AttributeError:
 output.append('%s=%s' % (self._keys[key], value))
- elif key in self._flags and self[key]:
- output.append(self._keys[key])
+ elif key in self._flags:
+ if self[key]:
+ output.append(self._keys[key])
 else:
 output.append('%s=%s' % (self._keys[key], value))
diff --git a/tests/test_cookies.py b/tests/test_cookies.py
index d88288ee..754985b0 100644
--- a/tests/test_cookies.py
+++ b/tests/test_cookies.py
@@ -1,7 +1,7 @@
 from datetime import datetime, timedelta
 from http.cookies import SimpleCookie
 from sanic import Sanic
-from sanic.response import json, text
+from sanic.response import text
 import pytest
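Review bot: The nested `if self[key]:` under `elif key in self._flags:` in sanic/cookies.py has no comment saying why it is not folded back into the `elif`, and that shape is the whole fix: with the combined condition a falsy flag fell through to the `else` branch and was written out as `key=value`. Browsers generally treat the bare attribute name as setting Secure/HttpOnly whatever value follows it, so a later "simplification" to one condition would silently flag cookies the caller asked to leave unflagged. I would add `# Falsy flag: emit nothing; must not fall through to the key=value branch below.` above the inner `if`. The check is plain truthiness, so a string such as `'False'` read from configuration still emits the flag; whether values are validated on assignment is not visible here. The enclosing method starts and ends outside the hunk.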
@@ -29,21 +29,41 @@ def test_cookies():
 (False, False),
 (True, True),
 ])
-def test_false_cookies(httponly, expected):
+def test_http_only_cookies(httponly, expected):
 app = Sanic('test_text')
 @app.route('/')
 def handler(request):
- response = text('Cookies are: {}'.format(request.cookies['test']))
+ response = text('Giving you cookies')
 response.cookies['right_back'] = 'at you'
 response.cookies['right_back']['httponly'] = httponly
 return response
 request, response = app.test_client.get('/')
- response_cookies = SimpleCookie()
- response_cookies.load(response.headers.get('Set-Cookie', {}))
+ set_cookie_text = response.headers.get('Set-Cookie', '')
- 'HttpOnly' in response_cookies == expected
+ assert ('HttpOnly' in set_cookie_text) == expected
+ assert 'HttpOnly=' not in set_cookie_text
+
+@pytest.mark.parametrize("secure,expected", [
+ (False, False),
+ (True, True),
+])
+def test_secure_cookies(secure, expected):
+ app = Sanic('test_text')
+
+ @app.route('/')
+ def handler(request):
+ response = text('Giving you cookies')
+ response.cookies['right_back'] = 'at you'
+ response.cookies['right_back']['secure'] = secure
+ return response
+
+ request, response = app.test_client.get('/')
+ set_cookie_text = response.headers.get('Set-Cookie', '')
+
+ assert ('Secure' in set_cookie_text) == expected
+ assert 'Secure=' not in set_cookie_text
 def test_http2_cookies():
 app = Sanic('test_http2_cookies')
@@ -93,4 +113,4 @@ def test_cookie_deletion():
 assert int(response_cookies['i_want_to_die']['max-age']) == 0
 with pytest.raises(KeyError):
- hold_my_beer = response.cookies['i_never_existed']
+ response.cookies['i_never_existed']
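Review bot: The `expected == False` cases of test_http_only_cookies and test_secure_cookies still pass when no cookie is sent at all, because `response.headers.get('Set-Cookie', '')` falls back to an empty string and both assertions hold for it. Adding `assert 'right_back' in set_cookie_text` ahead of the flag assertions in both tests would make the absence of `HttpOnly`/`Secure` be checked on a cookie that was really emitted. The flag checks are also case-sensitive substring matches on the whole header, so they depend on the exact spelling the serializer produces and on the cookie name and value never containing those words.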