In case of HTTPS settings, Apache can be configured so that cookies sent by the web server are secured.
Edit the following file:
As root user
/etc/httpd/conf.d/$DOMAIN_NAME.conf
Add the following line for each virtual host (or ensure that it is present):
Header edit Set-Cookie "^(.+)$" "$1; secure"