7
javax.servlet.http.Cookie implements java.lang.Cloneable

In the Cookie class there is a method called "setSecure". What is it used for? If I call setSecure(true), is there anything I need to do on my client (JavaScript) side to read the cookie? What is the difference with/without setSecure?

cometta

2 Answers

9

All that setSecure(true) does is tell the browser that the cookie should only be sent back to the server if using a "secure" protocol, like https. Your JavaScript code doesn't have to do anything different.

T.J. Crowder
3

Yup, this ensures that your session cookie is not visible to an attacker, as in a man-in-the-middle attack. Instead of setting it manually, you could alternatively configure your web.xml to handle it for you automatically.

<session-config>
   <cookie-config>
      <secure>true</secure>
   </cookie-config>
</session-config>
alkathirikhalid
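To make the behaviour both answers describe concrete, here is an added example (not from either answer, and not a real browser) that models how a browser applies the Secure and HttpOnly attributes to a cookie such as the one a servlet emits after setSecure(true). The Set-Cookie header strings and the example.com URLs are constructed for the demonstration.

```javascript
// Model of the browser-side rules for the Secure and HttpOnly attributes.
// This is illustrative code, not a browser and not the servlet API.

// Parse a Set-Cookie header into name, value and the two flags we care about.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   secure: false, httpOnly: false };
  for (const attr of attrs) {
    const lower = attr.toLowerCase();
    if (lower === 'secure') cookie.secure = true;
    else if (lower === 'httponly') cookie.httpOnly = true;
  }
  return cookie;
}

// Will the browser store a cookie received in a response from `fromUrl`?
// Current browsers reject a Secure cookie that arrives over plain http
// ("Strict Secure Cookies", RFC 6265bis), so setSecure(true) on an http-only
// dev server means the cookie is never stored at all.
function accepted(cookie, fromUrl) {
  return !cookie.secure || new URL(fromUrl).protocol === 'https:';
}

// Will the browser attach a stored cookie to a request for `toUrl`?
// Secure cookies travel only over https (RFC 6265 section 4.1.2.5).
function sentWith(cookie, toUrl) {
  return !cookie.secure || new URL(toUrl).protocol === 'https:';
}

// Can page script read the cookie via document.cookie?
// Only HttpOnly hides a cookie from script; Secure has no effect on this,
// which is why the client-side JavaScript needs no change for setSecure(true).
function visibleToScript(cookie) {
  return !cookie.httpOnly;
}

// Constructed headers: what the servlet would emit for setSecure(true) alone,
// and for setSecure(true) combined with setHttpOnly(true) (Servlet 3.0+).
const SECURE_ONLY = parseSetCookie('JSESSIONID=abc123; Path=/; Secure');
const SECURE_HTTPONLY = parseSetCookie('JSESSIONID=abc123; Path=/; Secure; HttpOnly');
```

Run it under Node: the Secure cookie is sent to https://example.com/ but not to http://example.com/, is still readable from script, and is discarded if the login response itself came over http.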