Cookies Containing Sensitive Data
Cookies are vulnerable to man-in-the middle attacks if their secure
  attribute does not match the session connection (HTTP or HTTPS).
A cookie that contains sensitive data, such as authentication information, should have its secure attribute set to true, and it should only be created and used
	 only within an HTTPS session. You should not rely on either the secure attribute alone or on the
	 SSL connection alone to protect the data.
Setting the secure attribute to true in an HTTP session
	 instructs the web browser to send the cookie only over a secure channel, such as an SSL connection.
	 However, subsequent requests and responses are over HTTP and unsecured, leaving the cookie
	 vulnerable.
Conversely, in an HTTPS session, issuing a cookie the secure attribute set
	 to false allows the browser to transmit it over unencrypted connections, which are
	 susceptible to eavesdropping. 
Thus a cookie is vulnerable to man-in-the-middle attacks if:
- secure="T"is specified in an HTTP connection
- secure="F"is specified in an HTTPS connection
Defense
- Only set secure="F"if required. By default, Uniface setssecure="T".
- Set secure="T"to true for all cookies used by HTTPS sessions.
- Use $encode and $decode to encrypt and decrypt the content when using HTTPS.
