I have a web site running on an MX7 server with IIS. It is an SSL only site and going to the site url forwards you to SSL mode. The site is being security tested by some firm in Japan and the only thing that they say is a security risk is that my cookies are not secure. They say to set the secure flag when creating cookies. The cookies that they describe are CFID and CFTOKEN which I believe are created automatically within the application framework. Anybody have any hints on how to make these secure?