Access Gateway and Embedded Service Provider (ESP) of Access Gateway both use session cookies in their communication with the browser. You must protect these session cookies to prevent from being intercepted by hackers.
NOTE:You can enable secure Access Gateway session cookies when only SSL resources exist. If a mix of HTTP and HTTPS proxy services exist, you cannot enable it as it is a global setting.