I'm using Jboss 4.0.4. Is there a way to mark the tomcat session cookie secure? We use https for all our pages and want to mark the session cookie secure.

On a related topic, is there a way to change the name of the session cookie?