Secure and httponly options on cookie.
Created by: dosire
If administrators enable config.force_ssl this code automatically tells clients to only send cookies over SSL, improving security by complying with OWASP recommendations: https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-_Use_.22Secure.22_Cookie_Flag
If config.force_ssl is not set there will be no effect.