Symfony version(s) affected: 4.4 / 5.2
Description
When manually setting the remember_me cookie secure option to auto, the cookie is still being set as a secure one even if used over http.
The problem is that the value 'auto' is being set on the \Symfony\Component\Security\Http\RememberMe\TokenBasedRememberMeServices service instead of being converted to null (to get data from the $request->isSecure() method).
That causes a call to onLoginSuccess with secure being set as auto (string) and being treated as true in Cookie __constructor (which has typed bool conversion).
On the other hand, the configuration specifies that the 'auto' value should be fine:
$builder->enumNode($name)->values([true, false, 'auto'])->defaultValue('auto' === $value ? null : $value);
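
The coercion described in this report can be reproduced outside the framework. The script below is an added example, not part of the original issue and not Symfony's code: `secureAsPassedThrough` and `secureNormalized` are hypothetical stand-ins for the bool-typed cookie parameter and for the 'auto'-to-null conversion the report expects, and the inputs are constructed.

```php
<?php
// Added illustration; every function here is a hypothetical stand-in, not Symfony code.

// Stand-in for a bool-typed parameter such as the cookie's secure flag.
// Without strict_types, PHP coerces any non-empty string except "0" to true.
function secureAsPassedThrough(?bool $secure): ?bool
{
    return $secure;
}

// Normalization the report expects: 'auto' becomes null, and null is then
// resolved from the request scheme (the role of $request->isSecure()).
function secureNormalized($configured, bool $requestIsSecure): bool
{
    if ('auto' === $configured) {
        $configured = null;
    }

    return $configured ?? $requestIsSecure;
}

// Constructed inputs: the three allowed config values over HTTP and HTTPS.
foreach ([true, false, 'auto'] as $configured) {
    foreach ([false, true] as $requestIsSecure) {
        $raw = secureAsPassedThrough($configured) ?? $requestIsSecure;
        $fixed = secureNormalized($configured, $requestIsSecure);
        printf(
            "config=%-6s scheme=%-5s passed-through=%-5s normalized=%-5s%s\n",
            var_export($configured, true),
            $requestIsSecure ? 'https' : 'http',
            var_export($raw, true),
            var_export($fixed, true),
            $raw !== $fixed ? '  <-- mismatch' : ''
        );
    }
}
```

Only the row for 'auto' over http is flagged as a mismatch, which is the case the report describes.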