[ad_1]
Sorry, this ended up in the wrong plugin section.
The cookie swpm_session is currently neither using the secure cookie flags. This should be no issue at all when HTTPS is available. Also, I cannot see that the cookie is used by any JavaScript, therefore the HttpOnly flag should be okay.
I could not find an issue tracker where I could raise a ticket or contribute a PR. If there is one, please let me know.