SSL cookie without secure flag set- Penetration testing - Fix

web.xml changes
Servlet 3.0 (Java EE 6) introduced a standard way to configure secure attribute for the session cookie, this can be done by applying the following configuration in web.xml

  true