@Shaheena_Sheikh, if you don't make your cookie secure, then the cookie can be transmitted over an HTTP connection. So if you also use HTTPS, it is good practice to make your cookie secure.
Check the code below:
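```java
// Uses javax.servlet.http.Cookie (jakarta.servlet.http.Cookie on Jakarta EE 9+)
Cookie emailCookie = new Cookie("email", email);
emailCookie.setPath("/");
emailCookie.setMaxAge(31536000);   // one year, in seconds
emailCookie.setHttpOnly(true);     // Servlet 3.0+; hides the cookie from JavaScript
emailCookie.setSecure(true);       // only sent over HTTPS
response.addCookie(emailCookie);
```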
The cookies which you create using JavaScript should also be made secure.
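
For the JavaScript case mentioned above, here is an added example (not part of the original post) that builds a `document.cookie` string carrying the `Secure` attribute and checks a cookie string for attributes it lacks. The helper names `buildSecureCookie` and `missingAttributes` and the sample values are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not code from the original post.

// Serialize a cookie for document.cookie with the Secure attribute set.
// HttpOnly is left out on purpose: it cannot be set from script and has to
// come from the server's Set-Cookie header (as in the Java code above).
function buildSecureCookie(name, value, { maxAge = 31536000, path = "/" } = {}) {
  // Cookie names must be HTTP tokens: no spaces, separators or control chars.
  if (!/^[\w!#$%&'*+.^`|~-]+$/.test(name)) {
    throw new Error("invalid cookie name");
  }
  return [
    `${name}=${encodeURIComponent(value)}`,
    `Path=${path}`,
    `Max-Age=${maxAge}`,
    "Secure",
  ].join("; ");
}

// Return the required attributes that a Set-Cookie value (or a string about
// to be assigned to document.cookie) does not carry.
function missingAttributes(cookieString, required = ["secure"]) {
  const present = new Set(
    cookieString
      .split(";")
      .slice(1) // skip the leading name=value pair
      .map((part) => part.split("=")[0].trim().toLowerCase())
  );
  return required.filter((attr) => !present.has(attr.toLowerCase()));
}

// Constructed sample values.
const good = buildSecureCookie("email", "user@example.com");
const weak = "email=user%40example.com; Path=/";

if (typeof document !== "undefined") {
  document.cookie = good; // browser only
}
console.log(good);
console.log(missingAttributes(weak, ["secure", "httponly"]));
```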