With regard to cookie security, client values are easy to be stolen and eavesdropped.
There is indeed a cookie security problem. Can you direct how to handle the following vulnerabilities.
1. How to set httponly? Is it set in the properties of servermodule?
2. How to include secure attribute in cookie?