There are two attributes of cookies that every web developer must be aware of to secure your web application. These two attributes doesn't save your application from all attacks, but at least they reduce the vulnerability to a great extent. These two attributes are:
The second attribute Secure tells that the cookie should be sent as a part of the request if and only if the communication happens over a HTTPS channel. Typically login requests are sent over HTTPS channels. (If you are using a web app that is using HTTP for login page, its time you stop using it!). Typically, as a part of the login response, there will be two sets of cookies set. One that can be sent over both HTTP and HTTPS and another set that can be sent only over HTTPS. It is the cookies that are to be sent over HTTPS that serious parts of your web application should depend on. For e.g. check out of your shopping cart.