Cookie JSESSIONID does not have Secure flag when Control Panel is accessed via HTTPS.
This is caused by software-related issue #POA-110508.
This issue will be resolved in one of the future product updates. Contact your Technical Account Manager or Pooled Technical Associate Team (firstname.lastname@example.org) in order to trace the current status of #POA-110508.
Add the following line into
.htaccessfile of the brand:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Restart Apache on the branding node:
service httpd restart