Intro
When you set a cookie, ensure that it contains the secure attribute. This keeps it from being sent to an unencrypted session (http)
It is possible to navigate to a http site where information is plain text.
Redirect this traffic to the https encrypted site instead