Secure cookie missing HttpOnly and secure flag

Description

Prerequisite: In the config file, the user set <httpCookies httpOnlyCookies="true" requireSSL="true" /> .

Steps to reproduce

1) Open a new Incognito window.
2) Check both cookies EPi: NumberOfVisits, ASPNet Session cookie secure, and HTTPOnly flags.
3) Delete the ASPNet Session cookie.
4) Refresh the page.
5) The EPi: NumberOfVisits cookie doesn't have HttpOnly or Secure set.
6) All communication between the application and load balancer and servers is in https.