
Use cookie prefixes

Remi Rampin requested to merge cookie-prefix into master

Apparently there are security flaws in regular cookies over HTTPS, and cookie prefixes fix them: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Cookie_prefixes

I am not sure if Taguette is susceptible to this (session fixation won't work against Taguette) but we might as well use the secure way. The downside as I understand it is that those cookies only work over HTTPS.
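
The checks a browser applies to `__Secure-` and `__Host-` cookies, including the HTTPS-only restriction mentioned above, as an added example that is not part of this merge request or of Taguette's code. The function names and the sample headers in the comments are constructed for illustration.

```python
# Added example: why a prefixed cookie is dropped when its attributes or the
# origin do not satisfy the prefix rules. Not Taguette code.

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attribute names lowercased."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def prefix_violations(header, origin_is_https):
    """Return the reasons a browser would refuse this cookie because of its prefix.

    An empty list means the prefix rules are satisfied (or no prefix is used).
    """
    name, _, attrs = parse_set_cookie(header)
    lowered = name.lower()  # the rfc6265bis draft matches prefixes case-insensitively
    is_secure_prefix = lowered.startswith("__secure-")
    is_host_prefix = lowered.startswith("__host-")
    problems = []
    if is_secure_prefix or is_host_prefix:
        # Both prefixes: only accepted from a secure origin, with Secure set.
        if not origin_is_https:
            problems.append("set from a non-HTTPS origin")
        if "secure" not in attrs:
            problems.append("missing Secure attribute")
    if is_host_prefix:
        # __Host- additionally pins the cookie to the exact host and whole site.
        if "domain" in attrs:
            problems.append("Domain attribute not allowed")
        if attrs.get("path") != "/":
            problems.append("Path must be /")
    return problems


# Constructed sample headers:
#   prefix_violations("__Host-session=abc; Secure; HttpOnly; Path=/", True)
#   prefix_violations("__Host-session=abc; Secure; HttpOnly; Path=/", False)
```

Running the same header through the function with `origin_is_https=False` shows the downside named in the description: a deployment served over plain HTTP cannot set these cookies at all.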
