diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java index 1de12f4f44d..5dd1d3745dc 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java +++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java @@ -441,7 +441,7 @@ protected int getTokenValiditySeconds() { /** * Whether the cookie should be flagged as secure or not. Secure cookies can only be sent over an HTTPS connection - * and this cannot be accidentally submitted over HTTP where they could be intercepted. + * and thus cannot be accidentally submitted over HTTP where they could be intercepted. *
* By default the cookie will be secure if the request is secure. If you only want to use remember-me over * HTTPS (recommended) you should set this property to {@code true}.