The official Adobe communication is as follows: The affinity cookie is
set by envoy to allocate the client a pointer into the ringhash that
ensures their requests go back to the same pod where they pod exists.
The cookie is a session cookie and must not have Max Age or Expires set
which would make the cookie Persistent (see [1]) It is HttpOnly already.
We only serve traffic over https so it is secure by default. The value
of the cookie has not intrinsic value and does not give the client any
ins...