usertrack.cookie-attrs allows user to add arbitrary attributes to the
cookie set by mod_usertrack, including attributes Secure and HttpOnly
as well as Path
usertrack.cookie-attrs is appended as-is to cookie string
and therefore must be properly URL-encoded
usertrack.cookie-attrs, if set, replaces *all* other cookie attributes,
including "; Path=/; Version=1" as well as the Domain= and Max-Age=
attributes if usertrack.cookie-domain and usetrack.cookie-max-age set,
so those should be part of usertrack.cookie-attrs if desired
e.g.
usertrack.cookie-name = "TRACKID" # (default)
usertrack.cookie-attrs = "; Path=/; Version=1; Domain=mydom.com; Max-Age=86400; Secure; HttpOnly"
x-ref:
"mod_usertrack should have an option to set the 'Secure' and 'HttpOnly' flags on the cookie"
https://redmine.lighttpd.net/issues/2795