How to enable secure cookies when using Drupal 8 with proxy/LB/Cloudflare
Drupal 8 only sends the secure flag on the session cookie for HTTPs connections. That may be a problem when there’s multiple layers of servers and reverse proxies between the user and the server. Imagine `Server (HTTP) -> Load Balancer (80) -> Cloudflare (443)`, Drupal may incorrectly assume its getting an HTTP connection and will not send the cookie.
From a user perspective, the cookie is being sent from Cloudflare through an HTTPs connection and should have the secure flag in the cookie.
For previous Drupal releases it was possible to hard code the connection mode, such as `settings.php: $conf[‘https’] = 1;`
For Drupal 8 you may work around the issue by Secure Login module in its default settings.