You can force cookies to only run through secure connections:

Cookie.setSecure(true)


Is this what you mean?