As a cookie is an important object for storing the user's session information, it must be configured securely. The following image shows a sample cookie with its attributes:
In the preceding image, the last three parameters are important from the security perspective. The Expires parameter is set to At end of session, which means the cookie is a session cookie: it is not persistent and is destroyed when the session ends (when the user logs out or closes the browser), rather than being written to disk. The Secure flag is set to No, which is a risk, because the browser will also send the cookie over plaintext HTTP, where it can be read on the network. The site should implement HTTPS and then enable the Secure cookie flag so that the cookie is sent only over TLS. The HTTPOnly flag is set to Yes, which prevents client-side script (for example, JavaScript injected from another site through a cross-site scripting flaw) from reading the cookie.
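To make the three attributes concrete, here is an added example (not code from the original page) that audits a raw Set-Cookie header for the points above: whether Secure and HttpOnly are present and whether the cookie is a session cookie or persistent (Expires or Max-Age set). It also shows how a server-side hardening step would append the missing flags. The header values are constructed samples; the function names are this example's own.

```python
"""Audit Set-Cookie headers for the Secure, HttpOnly and Expires attributes.

Added example, not from the original page. Parsing follows the
Set-Cookie grammar loosely: the first "name=value" pair is the cookie,
the remaining ";"-separated tokens are attributes.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class CookieAudit:
    name: str
    secure: bool
    httponly: bool
    persistent: bool            # True when Expires or Max-Age is present
    expires: Optional[str]      # raw Expires value, if any
    samesite: Optional[str]     # raw SameSite value, if any
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieAudit:
    """Parse one Set-Cookie header value and list security-relevant findings."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    secure = httponly = False
    expires = max_age = samesite = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        k, v = key.strip().lower(), val.strip()
        if k == "secure":
            secure = True
        elif k == "httponly":
            httponly = True
        elif k == "expires":
            expires = v
        elif k == "max-age":
            max_age = v
        elif k == "samesite":
            samesite = v
    persistent = expires is not None or max_age is not None

    findings = []
    if not secure:
        findings.append("missing Secure: cookie is also sent over plaintext HTTP")
    if not httponly:
        findings.append("missing HttpOnly: cookie is readable by client-side script")
    if persistent:
        findings.append("persistent cookie: survives browser close, review lifetime")
    return CookieAudit(name.strip(), secure, httponly, persistent,
                       expires, samesite, findings)


def harden_set_cookie(header: str) -> str:
    """Append Secure and HttpOnly to a Set-Cookie value when they are absent.

    Only use this once the site is served over HTTPS; a Secure cookie is
    never sent over plain HTTP, so enabling it first would break logins.
    """
    audit = parse_set_cookie(header)
    out = header.rstrip("; ")
    if not audit.secure:
        out += "; Secure"
    if not audit.httponly:
        out += "; HttpOnly"
    return out


# Constructed sample headers, one per situation discussed in the text.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",                         # like the image: no Secure
    "sid=xyz; Path=/; Secure; HttpOnly; SameSite=Strict",          # fully hardened session cookie
    "id=1; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Secure; HttpOnly",  # persistent cookie
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        a = parse_set_cookie(h)
        print(f"{a.name}: secure={a.secure} httponly={a.httponly} persistent={a.persistent}")
        for f in a.findings:
            print("   -", f)
        if not (a.secure and a.httponly):
            print("   hardened:", harden_set_cookie(h))
```

Running the script reports the first sample as missing Secure (the situation in the image), the second as clean, and the third as persistent. The ordering matters in practice: enable HTTPS first, then add Secure, otherwise the browser withholds the cookie on HTTP requests and sessions break.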