User’s session id with secure attribute is false. This vulnerability makes user’s cookies can be sent to the server with an unencrypted request over the HTTP protocol.
Open the browser and access to the website, in this scenario I use the demo website. Check the cookie in browser’s dev tool and realize that the cookie with Secure attribute is false.