Cookies remain without Secure Attribute after changing ticket_only_by_https = 1, SystemCookiesHTTPSProtection=true, and ume.logon.security.enforce_secure_cookie=True.
1.)ABAP: sap-appcontext cookies
2.)Portal: com.sap.engine.security.authentication.original_application_url
Security guidelines advice us to put all cookies into secure flag.
1.) What are these cookies, the information it contain and how are they use?
2.) Is it necessary to set this cookies to secure flag? If not is how does SAP handles possible cookie hijacking?