I'm using WAF V2 and enabled cookie-based affinity. But seems like the cookie-based affinity cookies (ApplicationGatewayAffinity, ApplicationGatewayAffinityCORS) are not marked as httponly and secure.
How I can mark those cookies as httponly and secure using Application Gateway Rewrites? Please help.