Session Cookie Does Not Contain the "Secure" Attribute

Vulnerability Info:
The secure cookie flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of a the cookie in clear text.

The fix that i am proposing is Secure the Cookies Session adding the “Secure” attribute into the session-config section on: fess-14.6.1/app/WEB-INF/web.xml

the cookies are still not secured even i added below lines on web.xml

@shinsuke could you please help me on this topic

It’s in