When using HTTPS, secure cookie to prevent potential weakness #3066

@kim-fitness

Description

Describe the bug
The Set-Cookie does not contain the secure flag, which is considered the CWE "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute"; reference link below:
http://cwe.mitre.org/data/definitions/614.html

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'login' page
  2. Click on 'Keep me signed in' and then do login
  3. See the Set-Cookie in the HTTP response header when calling index.php by HTTP POST
  4. There is no secure flag.

Expected behavior
The Set-Cookie needs the secure flag.
The attached picture shows the correct behavior after I fixed this issue.

Screenshots
If applicable, add screenshots to help explain your problem.
[Screenshot: Screen Shot 2019-11-04 at 4 27 47 PM]

Desktop (please complete the following information):

  • OS: [e.g. iOS]
  • Browser [e.g. chrome, safari]
  • Version [e.g. 22]

Smartphone (please complete the following information):

  • Device: [e.g. iPhone6]
  • OS: [e.g. iOS8.1]
  • Browser [e.g. stock browser, safari]
  • Version [e.g. 22]

Additional context
Add any other context about the problem here.
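The weakness reported above (CWE-614) is easy to catch in a response check: parse each Set-Cookie header and flag cookies that lack the Secure attribute when the response came over HTTPS. The following is an added example written for this issue, not code from the project; the URL, cookie names and values are constructed, and the HttpOnly check is included as a related hardening point, not something the report claims.

```python
"""Audit Set-Cookie headers for the Secure attribute (CWE-614).

Constructed example for this bug report; not the project's own code.
"""
from typing import Dict, List, Tuple
from urllib.parse import urlsplit


def parse_set_cookie(header_value: str) -> Tuple[str, Dict[str, object]]:
    """Split one Set-Cookie value into (cookie name, attribute map).

    Attribute names are case-insensitive (RFC 6265), so they are lowered.
    Flag attributes with no value (Secure, HttpOnly) map to True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() or True
    return name.strip(), attrs


def audit_cookies(url: str, set_cookie_headers: List[str]) -> List[str]:
    """Return one finding per weak cookie attribute in a response.

    The Secure check applies only when the response was served over HTTPS,
    which is exactly the condition CWE-614 describes. A missing HttpOnly is
    reported as well, since a session cookie readable from script is the
    usual companion weakness.
    """
    findings: List[str] = []
    is_https = urlsplit(url).scheme.lower() == "https"
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if is_https and "secure" not in attrs:
            findings.append(f"{name}: missing Secure attribute (CWE-614)")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly attribute")
    return findings


# Constructed sample headers modelled on the 'Keep me signed in' login
# response described in the report, before and after adding the flag.
BEFORE_FIX = ["remember_me=abc123; Path=/; HttpOnly", "PHPSESSID=sess42; Path=/"]
AFTER_FIX = ["remember_me=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
             "PHPSESSID=sess42; Path=/; HttpOnly; Secure"]

if __name__ == "__main__":
    for finding in audit_cookies("https://example.test/index.php", BEFORE_FIX):
        print(finding)
```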

Metadata


Labels: SECURITY (A security issue reported through CVE), bug (Undesired behaviour), resolved (A fixed issue)
