diff --git a/lib/rack/session/abstract/id.rb b/lib/rack/session/abstract/id.rb
index 52446a5..4ef9b17 100644
--- a/lib/rack/session/abstract/id.rb
+++ b/lib/rack/session/abstract/id.rb
@@ -351,8 +351,7 @@ def commit_session?(req, session, options)
 if options[:skip]
 false
 else
- has_session = loaded_session?(session) || forced_session_update?(session, options)
- has_session && security_matches?(req, options)
+ loaded_session?(session) || forced_session_update?(session, options)
 end
 end
@@ -368,11 +367,6 @@ def force_options?(options)
 options.values_at(:max_age, :renew, :drop, :defer, :expire_after).any?
 end
- def security_matches?(request, options)
- return true unless options[:secure]
- request.ssl? || @assume_ssl == true
- end
-
 # Acquires the session from the environment and the session id from
 # the session options and passes them to #write_session. If successful
 # and the :defer option is not true, a cookie will be added to the
diff --git a/test/spec_session_abstract_persisted.rb b/test/spec_session_abstract_persisted.rb
index 021791a..b7040be 100644
--- a/test/spec_session_abstract_persisted.rb
+++ b/test/spec_session_abstract_persisted.rb
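Review bot: A `secure: true` session on a plain-HTTP request now commits from the `else` branch of `commit_session?`, because the `security_matches?` check is gone: the session is presumably written to the store and a cookie carrying the Secure attribute is sent to a client that, under the cookie spec's secure-origin rule, will refuse to keep it, so every such request can create a stored session nobody can resume. The new line deserves a comment recording that decision, e.g. `# The Secure attribute is left to the browser to enforce; the cookie is emitted even when !req.ssl?`, and if session-store growth on HTTP endpoints matters, the store write rather than the cookie is what a remaining guard should skip. `@assume_ssl` appears to have been read only in the removed `security_matches?`; if that holds, the `assume_ssl` option is now silently ignored and should be documented or removed in the same change. The `def commit_session?` line itself is outside the hunk.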
@@ -68,28 +68,4 @@ def session_exists?(req)
 it "#delete_session raises" do
 proc { @pers.send(:delete_session, nil, nil, nil) }.must_raise RuntimeError
 end
-
- describe '#security_matches?' do
-
- it '#security_matches? returns true if secure cookie is off' do
- @pers.send(:security_matches?, Rack::Request.new({}), {}).must_equal true
- end
-
- it '#security_matches? returns true if ssl is on' do
- req = Rack::Request.new({})
- req.set_header('HTTPS', 'on')
- @pers.send(:security_matches?, req, { secure: true }).must_equal true
- end
-
- it '#security_matches? returns true if assume_ssl option is set' do
- req = Rack::Request.new({})
- pers_with_persist = @class.new(nil, { assume_ssl: true })
- pers_with_persist.send(:security_matches?, req, { secure: true }).must_equal true
- end
-
- it '#security_matches? returns false if secure cookie is on, but not ssl or assume_ssl' do
- @pers.send(:security_matches?, Rack::Request.new({}), { secure: true }).must_equal false
- end
-
- end
 end
diff --git a/test/spec_session_cookie.rb b/test/spec_session_cookie.rb
index 0e4094b..d402f50 100644
--- a/test/spec_session_cookie.rb
+++ b/test/spec_session_cookie.rb
@@ -468,14 +468,13 @@ def call(env)
 response.body.must_match(/"counter"\s*=>\s*1/)
 end
- it "does not return a cookie if set to secure but not using ssl" do
+ it "returns a cookie if set to secure but not using ssl" do
 app = [incrementor, { secure: true }]
 response = response_for(app: app)
- response["Set-Cookie"].must_be_nil
+ response["Set-Cookie"].must_match(/secure/)
 response = response_for(app: app, request: { "HTTPS" => "on" })
- response["Set-Cookie"].wont_be :nil?
 response["Set-Cookie"].must_match(/secure/)
 end