I want to set secure flag for cookies data when accessing content over HTTPS.
The cookies is used on entire application so need to global configuration to secure all the cookies.
You need to override the default setting using session_set_cookie_params, set the $secure flag to true,
void session_set_cookie_params ( int $lifetime [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]] )
more info at php.net
In laravel you need to alter the config/session.php configuration,set the secure flag to true
/*
|--------------------------------------------------------------------------
| HTTPS Only Cookies
|--------------------------------------------------------------------------
|
| By setting this option to true, session cookies will only be sent back
| to the server if the browser has a HTTPS connection. This will keep
| the cookie from being sent to you if it can not be done securely.
|
*/
'secure' => true,
In newer versions of laravel you can simply set the SESSION_SECURE_COOKIE=true in the .env file