Configuring application security for web applications
All web applications that are installed on IBM® WebSphere® Application Server are set to secure for cookies and single sign-on. You must use HTTPS and the secure port number to access the web application as HTTP is no longer valid.