Defaulting secure cookie flag to True

[giacomomiolo]

Hello!

The default at the moment for the flag secure is False.

I'm leaning towards the stance of "secure unless explicitly disabled" over the current "insecure unless explicitly enabled". This change would enhance security by ensuring cookies are only sent over HTTPS, but could introduce hurdles in development environments.

Let me know your thoughts on this!

[Flecart]

This is a breaking change for services that default to HTTP.
But agree with the security aspect.