Flag all cookies as Secure #26731

Closed
@DavidGarciaCat

| Q | A |
| --- | --- |
| Bug report? | no |
| Feature request? | yes |
| BC Break report? | no |
| RFC? | n/a |
| Symfony version | n/a |

As per @xabbuh's suggestion on this other issue, #26667 (comment), I believe that it's a problem when I set the flag for Secure Session Cookies but it doesn't affect the rest of the cookies that I have.

I believe that two global parameters to flag all Cookies as Secure as well as HttpOnly automatically (not just the Session Cookie) could provide a great enhancement to the framework, as it might help developers to increase the security of their projects in an easier way than the current case, where I need to add a new Kernel.ResponseListener to check for all existing cookies and re-set all of them with the Secure flag in the event that they aren't.

Although I could use an update like this on several projects starting from Symfony 2.8 and ending on Symfony 4.x, I don't know if this is something that could be implemented on all these Symfony versions.

Happy to discuss!
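
The listener workaround described in the issue could look like the following. This is an added example, not part of the original issue and not Symfony's own code; it assumes Symfony 3.2 to 4.x (`FilterResponseEvent`, and a `Cookie` constructor that takes `$raw` and `$sameSite`), and the namespace and class name are hypothetical.

```php
<?php
// Added example (hypothetical namespace and class name), assuming Symfony 3.2 to 4.x.
namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

final class SecureCookieSubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents()
    {
        // Negative priority: run after listeners that add their own cookies.
        return [KernelEvents::RESPONSE => ['onKernelResponse', -1000]];
    }

    public function onKernelResponse(FilterResponseEvent $event)
    {
        // Over plain HTTP the browser never sends a Secure cookie back,
        // so only rewrite on the master request of an HTTPS exchange.
        if (!$event->isMasterRequest() || !$event->getRequest()->isSecure()) {
            return;
        }

        $headers = $event->getResponse()->headers;

        foreach ($headers->getCookies() as $cookie) {
            if ($cookie->isSecure() && $cookie->isHttpOnly()) {
                continue; // already carries both flags
            }

            // Rebuild the cookie with the same attributes through the constructor.
            // setCookie() keys on domain, path and name, so this replaces the original.
            $headers->setCookie(new Cookie(
                $cookie->getName(),
                $cookie->getValue(),
                $cookie->getExpiresTime(),
                $cookie->getPath(),
                $cookie->getDomain(),
                true, // secure
                true, // httpOnly
                $cookie->isRaw(),
                $cookie->getSameSite()
            ));
        }
    }
}
```

Forcing HttpOnly hides the cookie from client-side JavaScript, so any cookie the front end reads needs an exemption. Where services are not autoconfigured, the class has to be registered with the `kernel.event_subscriber` tag.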
