Merge pull request #4609 from StefanSpieker/spotbugs_cookie

Set httpOnly and secure on cookies to fix spotbugs issue

core/src/main/java/jenkins/model/Jenkins.java

@@ -4559,6 +4559,8 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve
             throw new ServletException();
         Cookie cookie = new Cookie("iconSize", Functions.validateIconSize(qs));
         cookie.setMaxAge(/* ~4 mo. */9999999); // #762
+        cookie.setSecure(req.isSecure());
+        cookie.setHttpOnly(true);
         rsp.addCookie(cookie);
         String ref = req.getHeader("Referer");
         if(ref==null)   ref=".";