In the code below, Checkmarx reports an Insecure Cookie issue.
In the Startup class, I'm using a self-hosted Web API.
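class Program
{
    /// <summary>
    /// Process entry point. Allows a single running instance (guarded by a named
    /// mutex), starts the OWIN self-host on the configured base address and then
    /// runs the Windows message loop until the application exits.
    /// </summary>
    [STAThread]
    private static void Main()
    {
        // Named mutexes are visible to other processes. The name is not unique to
        // this application: if any other process holds a mutex called "Recorder",
        // this program exits at startup without reporting anything.
        string mutexId = "Recorder";
        using (Mutex mutex = new Mutex(false, mutexId))
        {
            bool ownsMutex;
            try
            {
                // Zero timeout: do not wait for a running instance, just probe.
                ownsMutex = mutex.WaitOne(0, false);
            }
            catch (AbandonedMutexException)
            {
                // A previous owner ended without releasing the mutex. The wait
                // still grants ownership to this thread, so continue normally.
                ownsMutex = true;
            }

            if (!ownsMutex)
            {
                // Another instance is already running.
                return;
            }

            try
            {
                // The listening URL, including its scheme, comes from app settings
                // and is not validated here. With an http:// address the API is
                // served without TLS, so a cookie sent with the Secure attribute
                // would not be returned by clients over this endpoint.
                string baseAddress = ConfigurationManager.AppSettings.Get("BaseAddress");

                // Start OWIN host; disposing the returned handle stops it.
                using (WebApp.Start<Startup>(url: baseAddress))
                {
                    Application.Run();
                }
            }
            finally
            {
                // Release explicitly on the owning thread so the mutex is not
                // left abandoned for the next instance.
                mutex.ReleaseMutex();
            }
        }
    }
}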
public class Startup
{
    /// <summary>
    /// OWIN startup hook. This class is passed as the type parameter to
    /// WebApp.Start, which calls this method to build the pipeline.
    /// </summary>
    /// <param name="appBuilder">The OWIN application builder to configure.</param>
    /// <remarks>
    /// The only middleware registered here is Web API. No cookie or
    /// authentication middleware is added in this method, so any cookie the
    /// application emits is created elsewhere (for example in a controller).
    /// </remarks>
    public void Configuration(IAppBuilder appBuilder)
    {
        // Web API configuration for the self-hosted pipeline.
        var webApiConfig = new HttpConfiguration();

        // Single convention route: api/{controller}/{action}/{id}, id optional.
        webApiConfig.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{action}/{id}",
            defaults: new { id = RouteParameter.Optional });

        appBuilder.UseWebApi(webApiConfig);

        // Replace the JSON formatter's settings with a default-constructed instance.
        var jsonSettings = new JsonSerializerSettings();
        webApiConfig.Formatters.JsonFormatter.SerializerSettings = jsonSettings;
    }
}
Here is the Checkmarx report: