Revisit Secure token attribute #47878

@pierrejeambrun

Description

Use another way to check whether or not we need to use a secure cookie. When TLS is enabled, cookies should be secured; when it's not enabled, they should not. (Otherwise auth will fail, and other cookie-based workflows too.)

Currently we check the config for a certificate to decide that, but most of the time a proxy handles the TLS termination so we should maybe also check request.secure or something related to proxy headers forwarding.

More context here:
#47859 (comment)
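
One way to make the decision the issue describes, as an added example (not Airflow's code or the issue author's): the forwarded-protocol header is honoured only when the direct peer is a known proxy. `TRUSTED_PROXIES`, `request_is_secure`, `build_token_cookie` and the cookie name are hypothetical.

```python
import ipaddress
from http.cookies import SimpleCookie

# Hypothetical setting: networks of the reverse proxies that terminate TLS.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def request_is_secure(scheme, headers, peer_ip, trusted=TRUSTED_PROXIES):
    """Return True when the browser-facing connection used TLS.

    scheme  -- scheme of the connection that reached the app
    headers -- request headers, names lower-cased
    peer_ip -- address of the direct peer (the proxy, when there is one)
    """
    if scheme == "https":
        return True  # the app server terminated TLS itself
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted):
        return False  # header from an unknown peer is not evidence of TLS
    # Assumes the trusted proxy overwrites X-Forwarded-Proto with one value.
    return headers.get("x-forwarded-proto", "").strip().lower() == "https"


def build_token_cookie(token, secure):
    """Render a Set-Cookie value; Secure is added only when `secure` is True."""
    cookie = SimpleCookie()
    cookie["session_token"] = token  # constructed cookie name
    morsel = cookie["session_token"]
    morsel["path"] = "/"
    morsel["httponly"] = True
    morsel["samesite"] = "Lax"
    if secure:
        morsel["secure"] = True
    return morsel.OutputString()


if __name__ == "__main__":
    # Constructed requests: (scheme, headers, direct peer address)
    samples = [
        ("https", {}, "203.0.113.5"),                           # TLS at the app
        ("http", {"x-forwarded-proto": "https"}, "10.1.2.3"),   # TLS at the proxy
        ("http", {"x-forwarded-proto": "https"}, "203.0.113.5"),  # untrusted peer
        ("http", {}, "10.1.2.3"),                               # plain HTTP
    ]
    for scheme, headers, peer in samples:
        secure = request_is_secure(scheme, headers, peer)
        print(peer, scheme, headers, "->", build_token_cookie("abc", secure))
```
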

Labels: area:auth, kind:meta