Merge pull request #75 from shawncatz/cookie-secure-doc

update doc for cookie.secure to match new defaults and add addiitonal info

revel/skeleton/conf/app.conf.template

@@ -51,8 +51,10 @@ cookie.prefix = REVEL
 # server. This makes the cookie less likely to be exposed to cookie theft via
 # eavesdropping.
 #
-# In dev mode, this will default to false, otherwise it will
+# Defaults to false. If 'http.ssl' is enabled, this will be defaulted to true.
-# default to true.
+# This should only be true when Revel is handling SSL connections. If you are
+# using a proxy in front of revel (Nginx, Apache, etc), then this should be left
+# as false.
 # cookie.secure = false
 
 # Limit cookie access to a given domain