The "secure" attribute prevents cookies from being sent over plaintext connections such as HTTP, where they would be easily eavesdropped upon. Instead, cookies with the secure attribute are only sent over encrypted HTTPS connections.
- set the secure parameter of the setcookie function to "true"
- set session.cookie_secure = 1 in the php.ini file

```ini
; php.ini
session.cookie_secure = 0 ; Noncompliant
```

```php
// in PHP code
session_set_cookie_params($lifetime, $path, $domain, false); // Noncompliant, the last parameter means that the session cookie should not be secure
setcookie($name, $value, $expire, $path, $domain, false); // Noncompliant, the last parameter means that the cookie should not be secure
```
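An added example, not part of the original rule text: a Python audit sketch that works out the effective `session.cookie_secure` value from php.ini text (the directive is off when absent, and `Off`/`0` both disable it) and lists cookies in captured `Set-Cookie` headers that lack the Secure attribute. The function names and the sample data are constructed for illustration.

```python
"""Audit sketch for the cookie Secure attribute (added example, constructed data)."""


def _ini_bool(value):
    """Approximate PHP's boolean parsing: on/true/yes, or a non-zero integer."""
    v = value.strip().strip("\"'").lower()
    if v in ("on", "true", "yes"):
        return True
    try:
        return int(v) != 0
    except ValueError:
        return False


def ini_cookie_secure(ini_text):
    """Effective session.cookie_secure: off by default, last assignment wins."""
    enabled = False
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in php.ini
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "session.cookie_secure":
            enabled = _ini_bool(value)
    return enabled


def insecure_cookies(set_cookie_headers):
    """Names of cookies whose Set-Cookie value has no Secure attribute."""
    missing = []
    for header in set_cookie_headers:
        pair, *attrs = header.split(";")
        # Look only at attributes, so a cookie *named* "secure..." is not a match.
        attr_names = {a.strip().split("=", 1)[0].lower() for a in attrs}
        if "secure" not in attr_names:
            missing.append(pair.split("=", 1)[0].strip())
    return missing


# Constructed sample input, not taken from a real system.
SAMPLE_INI = "session.cookie_httponly = 1\nsession.cookie_secure = 0 ; Noncompliant\n"
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; path=/; HttpOnly",
    "secure_pref=1; Path=/",
    "theme=dark; Path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    print("session.cookie_secure enabled:", ini_cookie_secure(SAMPLE_INI))
    print("cookies without Secure:", insecure_cookies(SAMPLE_HEADERS))
```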