Allow a way to mark all cookies as "HTTP only" and "SSL required" by default

[GrabYourPitchforks]

Basically, this would be an equivalent to the <httpCookies> element in Web.config:

<httpCookies domain="String" 
             httpOnlyCookies="true|false" 
             requireSSL="true|false" />

Allows marking all cookies with these flags regardless of how the CookieOptions object is constructed. More info at http://msdn.microsoft.com/en-us/library/ms228262(v=vs.100).aspx.

[blowdart]

And rename the "secure" cookie option as part of this.

[Eilon]

Removing @GrabYourPitchforks as the assignee 😄 (Unless you like, you know, really want to do it 😄 )

[Tratcher]

@blowdart in this case secure is appropriate because that's the actual text used in the cookie header.