Defining SAP Logon Tickets as Secure Cookies 

Use

If a cookie is marked secure, the browser only transmits it if the communications channel with the host is a secure one. Currently this means that secure cookies are only sent to HTTPS servers. If a cookie is not marked secure, it is considered safe to send in unencrypted form over unsecured channels.

In the Enterprise Portal you can configure SAP logon tickets as secure cookies. Then they will only be sent to HTTPS servers. This is a way of ‘forcing’ secure connections between the browser and servers.

Procedure

  1. Open the usermanagement.properties file and add the following line:

    login.ticket_secure=true

    (If you do not want the SAP logon ticket to be secure, either comment out the property or set it to ‘0’.)

  2. Save your changes.
  3. Restart the Java servlet engine.
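
One way to verify the result of the procedure above, as an added example that is not SAP code: the first function reads the text of usermanagement.properties and reports whether login.ticket_secure is effectively on, and the second checks Set-Cookie response headers for a logon ticket issued without the Secure attribute. The cookie name MYSAPSSO2, the rule that only the value true enables the flag, and all sample data are assumptions made for this example.

```python
import re

PROP = "login.ticket_secure"
TICKET_COOKIE = "MYSAPSSO2"  # assumption: cookie name that carries the logon ticket

# Constructed sample data, not taken from a real portal.
SAMPLE_PROPS = """\
#login.ticket_secure=true
login.ticket_secure = 0
example.other_property=x
"""
SAMPLE_HEADERS = [
    "MYSAPSSO2=CONSTRUCTED_VALUE; Path=/; Domain=.example.com; HttpOnly",
    "MYSAPSSO2=CONSTRUCTED_VALUE; Path=/; Domain=.example.com; Secure",
    "JSESSIONID=CONSTRUCTED_VALUE; Path=/",
]

def ticket_secure_enabled(properties_text):
    """True only if the last active login.ticket_secure line is set to 'true'."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or commented-out property
            continue
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line)
        if m and m.group(1) == PROP:
            value = m.group(2).strip()  # a later duplicate overrides an earlier one
    # Assumption: any value other than 'true' (e.g. '0') leaves the flag off.
    return value is not None and value.lower() == "true"

def insecure_ticket_cookies(set_cookie_headers):
    """Return the ticket Set-Cookie values that lack the Secure attribute."""
    flagged = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        if parts[0].split("=", 1)[0] != TICKET_COOKIE:
            continue
        attributes = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attributes:
            flagged.append(header)
    return flagged

if __name__ == "__main__":
    print("login.ticket_secure enabled:", ticket_secure_enabled(SAMPLE_PROPS))
    for header in insecure_ticket_cookies(SAMPLE_HEADERS):
        print("ticket cookie without Secure:", header)
```

Run the header check against responses captured after the servlet engine restart, since the property change only takes effect then.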