Vulnerability category: Web Application
Vulnerability severity:
Vulnerability information
The session cookie does not contain the "secure" attribute
Impact
Session cookies with the "secure" attribute are only permitted to be sent via HTTPS. Session cookies sent via HTTP expose users to sniffing attacks that could lead to user impersonation or account compromise.
Solution
Apply the "secure" attribute to session cookies to ensure that they will be sent via HTTPS only.
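
One way to check for this finding and apply the fix, as an added example that is not part of the original entry: it parses `Set-Cookie` header values, flags session cookies that lack `Secure`, and appends the attribute. The session-name hints, the function names and the sample headers are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie values for a missing Secure attribute.
# Assumption: session cookies are recognised by these name fragments.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token")

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs).
    Attribute names are lowercased because they are case-insensitive."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def looks_like_session_cookie(name):
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_NAME_HINTS)

def find_insecure_session_cookies(set_cookie_values):
    """Return names of session cookies set without the Secure attribute."""
    findings = []
    for raw in set_cookie_values:
        name, _, attrs = parse_set_cookie(raw)
        # Only the attribute list is checked, never the cookie value itself.
        if looks_like_session_cookie(name) and "secure" not in attrs:
            findings.append(name)
    return findings

def add_secure(header_value):
    """Return the header value with Secure appended if it is absent."""
    _, _, attrs = parse_set_cookie(header_value)
    if "secure" in attrs:
        return header_value
    return header_value.rstrip("; ") + "; Secure"

# Constructed sample headers, not taken from any real site.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "PHPSESSID=def456; path=/; SECURE; HttpOnly",
    "theme=dark; Path=/",
    "auth_token=xyz; Path=/; Domain=example.test; SameSite=Lax",
]

if __name__ == "__main__":
    for cookie_name in find_insecure_session_cookies(SAMPLE_HEADERS):
        print("missing Secure:", cookie_name)
```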