Setting the HttpOnly and Secure flag

Instructions were added to the documentation on how to set the HttpOnly flag and the Secure flag on the web server and/or application servers.

Without the HttpOnly and Secure flags set on cookies in the HTTP response header, it is possible to steal or manipulate the web application's session and cookies.

The Secure flag tells the browser to only send the cookie back over an HTTPS connection. This keeps the cookie ID secure. The flag should only be used on websites that use HTTPS: session cookies over HTTP no longer work if this feature is enabled.