[cookie security, client value is easy to be stolen and eavesdropped]

With regard to cookie security, client values are easy to be stolen and eavesdropped.

There is indeed a cookie security problem. Can you direct how to handle the following vulnerabilities.

1. How to set httponly? Is it set in the properties of servermodule?

2. How to include secure attribute in cookie?

[CSRF Attack and http-only attribute]

There are indeed cookie security issues. 1. Httponly must have the function of enabling settings; 2. The secure attribute can also be set.